Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2013-2566 — Oracle Communications_application_session_controller: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. CVSSv3.1 5.9 (MEDIUM) · EPSS 100th percentile
CVE-2013-0261 — Openstack Essex: This vulnerability allows the local user to overwrite arbitrary files on the system, potentially
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2012-6437 — Rockwellautomation Controllogix_controllers: The device does not properly authenticate users and the potential exists for a remote
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communicatio CVSSv3.1 9.8 (CRITICAL)
CVE-2012-1854 — Microsoft Office: Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in J CVSSv3.1 7.8 (HIGH) · EPSS 94th percentile
CVE-2011-4044 — Arcinformatique Frontvue: An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods. EPSS 98th percentile
CVE-2010-4478 — Openbsd Openssh: 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile
CVE-2010-3190 — Apple Itunes: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated CVSSv3.1 7.8 (HIGH) · EPSS 98th percentile
CVE-2010-2965 — Rockwellautomation 1756-enbt\/a_firmware: The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2010-0806 — Microsoft Internet_explorer: Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." CVSSv3.1 8.8 (HIGH) · EPSS 100th percentile
CVE-2010-0386 — Sun Java_system_application_server: The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. CVSSv3.1 8.1 (HIGH) · EPSS 72th percentile
CVE-2010-0249 — Microsoft Internet_explorer: Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and Janua CVSSv3.1 8.8 (HIGH) · EPSS 100th percentile
CVE-2009-3555 — Apache Http_server: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HT CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile
CVE-2009-3459 — Adobe Acrobat: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2009-2495 — Microsoft Visual_c\+\+: The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." CVSSv3.1 6.5 (MEDIUM) · EPSS 99th percentile
CVE-2009-2493 — Microsoft Visual_c\+\+: The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) comp CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
CVE-2009-0901 — Microsoft Visual_c\+\+: The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers a CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2009-1537 — Microsoft Directx: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2009-0238 — Microsoft Excel: Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2003-1567 — Microsoft Internet_information_services: The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile
CVE-2004-2761 — Ietf Md5: The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. CVSSv3.1 9.8 (CRITICAL) · EPSS 91th percentile
CVE-2008-4250 — Microsoft Windows_2000: The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2008-4128 — Cisco Ios: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. CVSSv3.1 4.3 (MEDIUM) · EPSS 96th percentile
CVE-2007-6033 — Wonderware Intouch: Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. CVSSv3.1 8.8 (HIGH)
CVE-2007-6013 — Wordpress Wordpress: 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. CVSSv3.1 9.8 (CRITICAL)
CVE-2007-5927 — Openbase_international_ltd Openbase: Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926. CVSSv3.1 8.1 (HIGH)