6680 matches found
SA139 : November 2016 NTP Security Vulnerabilities
SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the target's system time, prevent the target from synchronizing its time, cause denial of service through...
CVE-2017-2950
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...
CVE-2017-2957
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution...
Pinch and Zoom Does Not Function When Using Receiver on iPad
Unable to zoom and expand application on iPad when using Receiver. The functionality works fine on iPhone...
torcloud.pw XSS vulnerability
Vulnerable URL: http://torcloud.pw/search.php?q='"--!confirmOPENBUGBOUNTY...
sonoworld.com XSS vulnerability
Vulnerable URL: https://www.sonoworld.com/Client/SearchResults.aspx?SearchString=fetal heart'"--!...
cpotools.com XSS vulnerability
Vulnerable URL: http://www.cpotools.com/on/demandware.store/Sites-Bosch-Site/default/Search-Show?q=tools'"--!...
brooksrunning.com XSS vulnerability
Vulnerable URL: http://www.brooksrunning.com/enus/search?q=beast'"--!...
ucsf.edu XSS vulnerability
Vulnerable URL: http://www.ucsf.edu/search?search=alert/OPENBUGBOUNTY/...
echobridgeac.com XSS vulnerability
Vulnerable URL: http://www.echobridgeac.com/search.php?keyword=sd=homeent...
CVE-2016-7966
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...
A vulnerability in the Flash Player software that allows an attacker to execute arbitrary code
The vulnerability in the RegExp class of the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows a remote attacker to execute arbitrary code as a result of violating the search functionality...
ljudfokus.se XSS vulnerability
Vulnerable URL: http://www.ljudfokus.se/showseek.php?searchstring=...
CVE-2016-7868
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...
CVE-2016-7868
Adobe Flash Player suffers a buffer overflow/underflow in the RegExp class related to alternation, affecting versions 23.0.0.207 and earlier and 11.2.202.644 and earlier. Successful exploitation could lead to arbitrary code execution. Remediation: upgrade to version 24.0.0.186 or newer as the fix...
Splunk Enterprise SSRF Vulnerability (SP-CAAAPSR)
Splunk Enterprise is prone to a server-side request forgery (SSRF) vulnerability.
Design/Logic Flaw
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...