Security Vulnerabilities - Known exploited
CVE-2007-5659
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Known exploited
CVSS Score
7.8
EPSS Score
0.932
Published
2008-02-12
CVE-2008-0655
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
Known exploited
CVSS Score
9.8
EPSS Score
0.688
Published
2008-02-07
CVE-2007-3010
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Known exploited
CVSS Score
9.8
EPSS Score
0.94
Published
2007-09-18
CVE-2007-0671
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
Known exploited
CVSS Score
8.8
EPSS Score
0.692
Published
2007-02-03
CVE-2006-2492
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
Known exploited
CVSS Score
8.8
EPSS Score
0.832
Published
2006-05-20
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Known exploited
CVSS Score
7.5
EPSS Score
0.155
Published
2006-03-30
CVE-2005-2773
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
Known exploited
CVSS Score
9.8
EPSS Score
0.912
Published
2005-09-02
CVE-2004-1464
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Known exploited
CVSS Score
5.9
EPSS Score
0.017
Published
2004-12-31
CVE-2004-0210
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
Known exploited
CVSS Score
7.8
EPSS Score
0.037
Published
2004-08-06
CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
Known exploited
CVSS Score
7.8
EPSS Score
0.011
Published
2002-06-25