Oracle Outside In vsxl5 GelFrame Record Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...

ansible: ansible.cfg is being read from current working directory allowing possible code execution

It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code...

Emotet re-emerges after the holidays

While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have...

The vulnerability of the Microsoft Outlook email client, related to errors in memory object handling mechanisms, allows a perpetrator to execute arbitrary code with the privileges of the current user.

The vulnerability of the Microsoft Outlook email client is related to errors in the memory object handling mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code with the privileges of the current user, using specially crafted content...

OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Protocol. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows VCF Remote Code Execution Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

Microsoft Visual Studio asm Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on executables compiled using vulnerable installations of Microsoft Visual Studio. Attack vectors will vary depending on the nature of the executable in question. The specific flaw exists within the compilation of asm blocks in Visual...

The vulnerability of the Windows Theme API component of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.

The vulnerability of the Windows Theme API component of the operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially created file...

CVE-2018-20068

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

Microsoft SharePoint Enterprise Server 2016 Cross-Site Scripting Vulnerability

Microsoft SharePoint Enterprise Server 2016 is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. The platform is used to consolidate business information and enables you to share work, collaborate with others, organize projects and workgroups, and search for...

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

Microsoft SharePoint Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2019-16186)

Microsoft SharePoint Enterprise Server 2013 SP1 is a set of enterprise business collaboration platforms from Microsoft for consolidating business information and enabling you to share work, collaborate with others, organize projects and workgroups, and search for people and information. A...

CVE-2018-1888

An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079...

IBM i Access for Windows Untrustworthy Search Path Vulnerability

IBM i Access for Windows is a suite of client solutions from IBM in the United States that provide access to and use of desktop resources from a variety of different Windows operating systems. An untrusted search path vulnerability exists in IBM i Access for Windows version 7.1, which can be...

Horner Automation Cscape CSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...