Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0285

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2011 | 00:00
Updated At-06 Aug, 2024 | 21:51
Rejected At-
Credits

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2011 | 00:00
Updated At:06 Aug, 2024 | 21:51
Rejected At:
▼CVE Numbering Authority (CNA)

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/517484/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-0447.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/47310
vdb-entry
x_refsource_BID
http://secunia.com/advisories/44181
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1025320
vdb-entry
x_refsource_SECTRACK
https://hermes.opensuse.org/messages/8086843
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/44125
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/44196
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0997
vdb-entry
x_refsource_VUPEN
http://osvdb.org/71789
vdb-entry
x_refsource_OSVDB
http://www.vupen.com/english/advisories/2011/0936
vdb-entry
x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2011/0986
vdb-entry
x_refsource_VUPEN
http://securityreason.com/securityalert/8200
third-party-advisory
x_refsource_SREASON
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
vendor-advisory
x_refsource_FEDORA
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/47310
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/44181
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1025320
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://hermes.opensuse.org/messages/8086843
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/44125
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/44196
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://osvdb.org/71789
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securityreason.com/securityalert/8200
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/517484/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0447.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/47310
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/44181
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1025320
vdb-entry
x_refsource_SECTRACK
x_transferred
https://hermes.opensuse.org/messages/8086843
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/44125
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/44196
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0997
vdb-entry
x_refsource_VUPEN
x_transferred
http://osvdb.org/71789
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.vupen.com/english/advisories/2011/0936
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2011/0986
vdb-entry
x_refsource_VUPEN
x_transferred
http://securityreason.com/securityalert/8200
third-party-advisory
x_refsource_SREASON
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
x_refsource_CONFIRM
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47310
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/44181
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025320
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://hermes.opensuse.org/messages/8086843
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/44125
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/44196
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://osvdb.org/71789
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securityreason.com/securityalert/8200
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2011 | 00:55
Updated At:11 Apr, 2025 | 00:51

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7.1
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.1
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.2
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.3
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726cve@mitre.org
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899cve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.htmlcve@mitre.org
N/A
http://osvdb.org/71789cve@mitre.org
N/A
http://secunia.com/advisories/44125cve@mitre.org
N/A
http://secunia.com/advisories/44181cve@mitre.org
N/A
http://secunia.com/advisories/44196cve@mitre.org
N/A
http://securityreason.com/securityalert/8200cve@mitre.org
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txtcve@mitre.org
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0447.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/517484/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/47310cve@mitre.org
N/A
http://www.securitytracker.com/id?1025320cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0936cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0986cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0997cve@mitre.org
N/A
https://hermes.opensuse.org/messages/8086843cve@mitre.org
N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726af854a3a-2127-422b-91ae-364da2661108
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/71789af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44125af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44181af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44196af854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/8200af854a3a-2127-422b-91ae-364da2661108
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txtaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0447.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/517484/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/47310af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025320af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0936af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0986af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0997af854a3a-2127-422b-91ae-364da2661108
N/A
https://hermes.opensuse.org/messages/8086843af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/71789
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44125
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44181
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44196
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8200
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47310
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025320
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8086843
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/71789
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44125
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8200
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47310
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025320
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8086843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

390Records found
CVE-2006-5938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.52% / 65.75%
||
7 Day CHG~0.00%
Published-16 Nov, 2006 | 00:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.

Action-Not Available
Vendor-grisoftn/a
Product-avg_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0647
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||HIGH
EPSS-72.63% / 98.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-replication_managernetworker_modulen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18349
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.73% / 99.60%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 20:00
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.

Action-Not Available
Vendor-pippoalibaban/a
Product-pippofastjsonn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4812
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-74.00% / 98.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18067
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 78.50%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4811
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-83.54% / 99.24%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18074
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaremdm9640_firmwaresd_412sd_808_firmwaresd_400sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaremdm9607sd_210mdm9645mdm9645_firmwaresd_820_firmwaremdm9625_firmwaresd_808sd_820sd_410sd_400_firmwaresd_425_firmwaresd_212_firmwaremdm9655sd_412_firmwaremdm9635mmdm9625sd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212mdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3443
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-7.92% / 91.67%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wide_area_application_servicesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3609
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-3.05% / 86.16%
||
7 Day CHG~0.00%
Published-08 Sep, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Action-Not Available
Vendor-supermicron/a
Product-x9scl-fx8dtu-ln4f\+x9qri-f\+x9sre-fh8dgg-qfx9dre-ln4fx9drff-7tg\+x9qr7-tfh8sme-fx9drl-ifx9sri-fh8dgt-hfh8dct-hln4fx9dr7-ln4fx9qri-fx7spe-hfx9drg-hf\+x9db3-fx9drd-7ln4f-jbodx8dtu-6f\+x9srl-fx9drw-3tf\+h8dgt-hlfx7spa-hfx9dri-ln4f\+x9sri-3fx8dtl-3fx9dax-7fx7spe-h-d525h8sgl-fx9drh-ifh8dgt-hlibqfx9drl-3fx9dax-if-hftx9drw-itpf\+x9drd-7ln4fx9drh-7tfx8sie-fx9drt-h6ibffh8dgt-hibqfx9drg-htfx8dtl-6fx9scm-iifx9drff-ig\+x9srg-fx9drff-7x9drt-ibqfx8dtn\+-fx9dax-7tfx9qr7-tf-jbodx9drw-3ln4f\+h8sml-7h8sml-7fx9drd-efx9dbu-ifh8sml-ix9dbu-3fx8dtu-6tf\+-lrx8siu-fx9drff-7t\+h8dgi-fh8dcl-ifx9scff-fx9drff-7\+x9drff-7g\+x9drt-hf\+x9scd-fx9drt-fx7spa-hf-d525h8dcl-6fh8dgu-fx9dbi-fx9dbl-3fx9dr7-ln4f-jbodx8sil-fx9drd-7jln4fx9sce-fx8dtu-ln4f\+-lrh8dct-ibqfh8sml-ifx9drffx8sit-fh8scm-fx9db3-tpfx9dri-fx8sia-fx9drh-7fx9drg-hfx9drw-7tpf\+x9drt-h6ibqfx8dtn\+-f-lrx9sbaa-fx9drg-htf\+x7spt-df-d525x9sca-fx9dr7-tf\+x9drff-it\+x8dtl-ifx9drh-itfh8dg6-fx9dr3-fx8dtu-6f\+-lrx9dax-ifx9drff-i\+x8sie-ln4fx9drff-itg\+x7spt-df-d525\+x9scl\+-fx9drl-efx9sre-3fx8si6-fx9drx\+-fx9drt-ibffx9drfrx9sci-ln4fx9drd-ifh8dct-hibqfh8dgu-ln4f\+x9srw-fx9dbl-ifx9dax-itfx9dax-7f-hftx9srd-fx9spu-fx8sit-hfx9qr7-tf\+x9dbi-tpfx9scm-fx7spe-hf-d525x9dre-tf\+x9drt-h6fx8dtu-6tf\+x9dr3-ln4f\+n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3608
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG~0.00%
Published-08 Sep, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

Action-Not Available
Vendor-supermicron/a
Product-x9scl-fx8dtu-ln4f\+x9qri-f\+x9sre-fh8dgg-qfx9dre-ln4fx9drff-7tg\+x9qr7-tfh8sme-fx9drl-ifx9sri-fh8dgt-hfh8dct-hln4fx9dr7-ln4fx9qri-fx7spe-hfx9drg-hf\+x9db3-fx9drd-7ln4f-jbodx8dtu-6f\+x9srl-fx9drw-3tf\+h8dgt-hlfx7spa-hfx9dri-ln4f\+x9sri-3fx8dtl-3fx9dax-7fx7spe-h-d525h8sgl-fx9drh-ifh8dgt-hlibqfx9drl-3fx9dax-if-hftx9drw-itpf\+x9drd-7ln4fx9drh-7tfx8sie-fx9drt-h6ibffh8dgt-hibqfx9drg-htfx8dtl-6fx9scm-iifx9drff-ig\+x9srg-fx9drff-7x9drt-ibqfx8dtn\+-fx9dax-7tfx9qr7-tf-jbodx9drw-3ln4f\+h8sml-7h8sml-7fx9drd-efx9dbu-ifh8sml-ix9dbu-3fx8dtu-6tf\+-lrx8siu-fx9drff-7t\+h8dgi-fh8dcl-ifx9scff-fx9drff-7\+x9drff-7g\+x9drt-hf\+x9scd-fx9drt-fx7spa-hf-d525h8dcl-6fh8dgu-fx9dbi-fx9dbl-3fx9dr7-ln4f-jbodx8sil-fx9drd-7jln4fx9sce-fx8dtu-ln4f\+-lrh8dct-ibqfh8sml-ifx9drffx8sit-fh8scm-fx9db3-tpfx9dri-fx8sia-fx9drh-7fx9drg-hfx9drw-7tpf\+x9drt-h6ibqfx8dtn\+-f-lrx9sbaa-fx9drg-htf\+x7spt-df-d525x9sca-fx9dr7-tf\+x9drff-it\+x8dtl-ifx9drh-itfh8dg6-fx9dr3-fx8dtu-6f\+-lrx9dax-ifx9drff-i\+x8sie-ln4fx9drff-itg\+x7spt-df-d525\+x9scl\+-fx9drl-efx9sre-3fx8si6-fx9drx\+-fx9drt-ibffx9drfrx9sci-ln4fx9drd-ifh8dct-hibqfh8dgu-ln4f\+x9srw-fx9dbl-ifx9dax-itfx9dax-7f-hftx9srd-fx9spu-fx8sit-hfx9qr7-tf\+x9dbi-tpfx9scm-fx7spe-hf-d525x9dre-tf\+x9drt-h6fx8dtu-6tf\+x9dr3-ln4f\+n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3573
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-0.91% / 74.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3594
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-5.03% / 89.33%
||
7 Day CHG~0.00%
Published-20 Jan, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.

Action-Not Available
Vendor-n/aDell Inc.
Product-powerconnect_5324powerconnect_3524ppowerconnect_3348n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2093
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.81% / 87.64%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 20:13
Updated-06 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-Dolibarr ERP & CRM
Product-dolibarr_erp\/crmdolibarr
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1710
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-79.22% / 99.03%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-3416
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-8.1||HIGH
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 13:55
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.

Action-Not Available
Vendor-ZTE Corporation
Product-zxv10_b860a_firmwarezxv10_b860aZXV10 B860A
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1318
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-61.37% / 98.26%
||
7 Day CHG~0.00%
Published-15 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 00:03
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-mojoliciousn/a
Product-mojoliciousn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6392
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-4.18% / 88.24%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Linux Kernel Organization, Inc
Product-prime_lan_management_solutionlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4704
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||HIGH
EPSS-14.89% / 94.27%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

Action-Not Available
Vendor-3s-softwaren/a
Product-codesys_gateway-servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.51% / 65.27%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 00:03
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-mojoliciousn/a
Product-mojoliciousn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14914
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2321
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-3.49% / 87.12%
||
7 Day CHG~0.00%
Published-18 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.

Action-Not Available
Vendor-connmann/a
Product-connmann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3021
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.

Action-Not Available
Vendor-gen/a
Product-intelligent_platforms_proficy_real-time_information_portaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4899
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.48% / 88.66%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.

Action-Not Available
Vendor-novastorn/a
Product-novabackup_datacentern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32974
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.83% / 73.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5150a-12i\/o_firmwarenport_iaw5250a-6i\/onport_iaw5150a-6i\/o_firmwarenport_iaw5150a-6i\/onport_iaw5250a-6i\/o_firmwarenport_iaw5250a-12i\/onport_iaw5150a-12i\/onport_iaw5250a-12i\/o_firmwareNPort IAW5000A-I/O series firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33527
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-6.38% / 90.62%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:24
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Action-Not Available
Vendor-mbconnectlineMB connect line
Product-mbdialupmbDIALUP
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14908
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-49.02% / 97.69%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2822
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-10||HIGH
EPSS-0.35% / 56.83%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCMicrosoft Corporation
Product-windowschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.50% / 87.14%
||
7 Day CHG~0.00%
Published-16 May, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.69% / 88.92%
||
7 Day CHG~0.00%
Published-05 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Action-Not Available
Vendor-ironmountainn/a
Product-connected_backupn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1853
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-15.65% / 94.44%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14909
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2628
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-18.85% / 95.05%
||
7 Day CHG~0.00%
Published-01 Jul, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1849
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-11.81% / 93.45%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2092
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.27% / 83.97%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Action-Not Available
Vendor-n/aAdobe Inc.
Product-blazedslivecyclelivecycle_data_servicesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14913
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 72.05%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 15:00
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_625sd_652sd_835_firmwaresd_625_firmwaresd_650sd_835sd_845_firmwaresd_652_firmwaresd_845mdm9206_firmwaresd_650_firmwareSnapdragon IoT, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-47.85% / 97.63%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpexchange_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.33% / 79.16%
||
7 Day CHG~0.00%
Published-07 Jul, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_doors_web_accessn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.11% / 91.80%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Action-Not Available
Vendor-trustixopenpkgn/aUbuntuThe PHP Group
Product-phpopenpkgsecure_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1018
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-22.71% / 95.65%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Action-Not Available
Vendor-logwatchn/a
Product-logwatchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-4935
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.38% / 58.37%
||
7 Day CHG~0.00%
Published-23 Sep, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-82.01% / 99.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.78% / 90.93%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.68% / 87.44%
||
7 Day CHG~0.00%
Published-20 Oct, 2007 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1268
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-37.09% / 97.04%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0661
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-63.00% / 98.32%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.71% / 88.95%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-89.89% / 99.55%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.45% / 90.68%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Action-Not Available
Vendor-phorumn/a
Product-phorumn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found