1077 matches found
Exploit for Use After Free in Microsoft
CVE-2021-31166 0x00.Description This is a proof of concept...
Exploit for Use After Free in Microsoft
CVE-2021-31166 0x00.Description This is a proof of concept...
Exploit for Use After Free in Microsoft
CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vuln...
Microsoft HTTP Protocol Stack Remote Code Execution (CVE-2021-31166)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...
Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical
Microsoft Patch Tuesday – May 2021 Microsoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited. Qualys released 12 QIDs on the sa...
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...
CVE-2021-31166
HTTP Protocol Stack Remote Code Execution Vulnerability...
Remote code execution
HTTP Protocol Stack Remote Code Execution Vulnerability...
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability
...
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability
...
HTTP Protocol Stack Remote Code Execution Vulnerability
...
KLA12174 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions, cause denial of service. Below is a complete list of...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data, Impersonate another user. The vulnerabilities...
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...
CVE-2021-20992
CVE-2021-20992 affects Fibaro Home Center 2 and Lite devices, where the web-based management interface runs over unencrypted HTTP. This enables eavesdropping on user communications and can allow hijacking of sessions, tokens, and passwords. The available sources confirm the issue but do not provi...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...
VulnCheck KEV: CVE-2015-1635
Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...