CVE-2018-0824
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...
Microsoft Windows Remote Code Execution Vulnerability (CNVD-2018-10992)
Microsoft Windows is a popular computer operating system. Microsoft Windows "Microsoft COM for Windows" does not properly handle serialized objects, allowing remote attackers to exploit vulnerabilities in special files or scripts that can be parsed by the user to execute arbitrary code...
Exploit for CVE-2017-0213
CVE-2017-0213: Windows COM Elevation of Privilege Vulnerabilit...
CVE-2017-5797
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 E0501 was found...
CVE-2018-0091
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
CVE-2017-14023
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators...
CVE-2017-15687
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI...
UBUNTU-CVE-2017-7818
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
CVE-2017-6789
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...
Cisco PI/EPNM Cross-Site Scripting Vulnerability
Cisco Prime Infrastructure is a solution for wireless management through Cisco Technologies LMS and NCS. Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) have a security vulnerability in the web management interface, where an unauthenticated remote attacker executes a...
Mozilla: Use-after-free with track elements (MFSA 2017-16)
A use-after-free vulnerability during video control operations when a "&lt;track&gt;" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
CVE-2017-0214
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before...
CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a speciall...
Microsoft Windows COM Local Elevation of Privilege Vulnerability
Microsoft Windows is a popular computer operating system. Microsoft Windows does not properly validate inputs before loading type libraries. A local elevation of privilege vulnerability exists in the implementation, where a local attacker could elevate its privileges...
Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional Denial of Service Vulnerability
Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens, Germany. SIMATIC WinCC is a Supervisory Control and Data Acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor...
Microsoft Internet Explorer 111 CMarkup::DestroySplayTree Use-After-Free
Exploit Title: Internet Explorer 11 CMarkup::DestroySplayTree Use-After-Free Google Dork: n/a Date: 03.05.2017 Exploit Author: Marcin Ressel TT: @resselm Vendor Homepage: www.microsoft.com Software Link: n/a Version: 11.0.9600.18638 Tested on:...
UBUNTU-CVE-2017-5464
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Windows operating system vulnerability that allows an attacker to elevate their privileges
A vulnerability in the DCOM application in Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to elevate their privileges by using a specially crafted application...
Microsoft Windows HelpPane Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows HelpPane. When registering a DCOM object, the Windows COM session name does not properly implement the RunAs privilege, which can be...
UBUNTU-CVE-2017-5403
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox 52 and Thunderbird 52...