
122 matches found

Check Point Advisories
added 2015/05/18 12:0 a.m. | 4 views

Adobe Acrobat and Reader U3D Texture Parsing Buffer Overflow (APSB12-16) - Ver2 (CVE-2012-2049)

A stack buffer overflow vulnerability has been reported in Adobe Reader. The vulnerability is due to lack of bounds checking when handling PDF files containing specially crafted strings. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

CVSS: 10 | AI score: 6.7 | EPSS: 0.13211
Exploits: 0

Check Point Advisories
added 2015/05/18 12:0 a.m. | 3 views

Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation - Ver2 (CVE-2012-1710)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in a certain method in the Sssplt30 ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to op...

CVSS: 7.5 | AI score: 3.4 | EPSS: 0.1133
Exploits: 4

CNVD
added 2015/05/04 12:0 a.m. | 1 views

Wing FTP Server Admin /admin_loglist.html Cross-Site Request Forgery Vulnerability

WingFTPServer is a professional cross-platform FTP server; it has good speed, reliability and a friendly configuration interface. A cross-site request forgery vulnerability exists in WingFTPServer Admin /admin_loglist.html, which allows remote attackers to construct malicious URIs, trick users...

AI score: 7
Exploits: 0 | References: 1

CNVD
added 2015/04/23 12:0 a.m. | 2 views

Multiple Cross-Site Request Forgery Vulnerabilities in Landesk Management Suite

LANDESK Management Suite is a set of IT systems management solutions from the U.S. company LANDESK. A cross-site request forgery vulnerability exists in LANDESK Management Suite 9, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.00909
Exploits: 3 | References: 1

CNVD
added 2015/04/14 12:0 a.m. | 2 views

Multiple Cross-Site Request Forgery Vulnerabilities in Kemp Virtual LoadMaster

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the target user...

AI score: 7.1
Exploits: 0 | References: 1

CNVD
added 2015/03/24 12:0 a.m. | 3 views

MetalGenix GeniXCMS Cross-Site Request Forgery Vulnerability

MetalGenix GeniXCMS is a content management system. A cross-site request forgery vulnerability exists in MetalGenix GeniXCMS. This allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the target user...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.03935
Exploits: 2 | References: 1

OSV
added 2015/01/28 12:0 a.m. | 0 views

UBUNTU-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.11199
Exploits: 0 | References: 3

CNVD
added 2015/01/14 12:0 a.m. | 1 views

Kodi Cross-Site Request Forgery Vulnerability

Kodi is a famous entertainment media center. Kodi suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context of the target user...

AI score: 6.9
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

WebWasher CSM 4.4.1 Build 752 Conf Script Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13037/info It is reported that the WebWasher 'conf' script is prone to a cross-site scripting vulnerability. A remote attacker may exploit this issue to have arbitrary script and HTML code executed in the browser of a...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

SIPS 0.2.2 User Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in...

AI score: 7.1
Exploits: 0

Check Point Advisories
added 2014/04/28 12:0 a.m. | 1 views

Vortex Media Group Light Alloy M3U File Handling Buffer Overflow (CVE-2013-6874)

A stack buffer overflow vulnerability has been reported in Light Alloy media player. The vulnerability is due to a missing boundary check when handling M3U files. Successful exploitation could allow arbitrary code execution in the context of the target user...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.06047
Exploits: 1

Check Point Advisories
added 2014/03/03 12:0 a.m. | 3 views

Microsoft Office RTF Mismatch Memory Corruption (MS12-029) - Ver2 (CVE-2012-0183)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to a memory corruption while parsing specially crafted RTF-formatted data. A remote attacker can exploit this issue by enticing a target user to open a specially crafted RTF file. Successful...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.24412
Exploits: 4

Check Point Advisories
added 2013/11/10 12:0 a.m. | 1 views

Belkin Linksys E1500/E2500 Remote Command Execution

A remote command execution vulnerability exists in multiple Belkin Linksys routers. The vulnerability is due to improper input validation in the router's Web interface. A remote attacker could exploit this vulnerability by sending a malicious HTTP request to the victim. Successful exploitation of...

AI score: 7.6
Exploits: 0

Check Point Advisories
added 2013/02/17 12:0 a.m. | 6 views

Adobe Reader PDF File DLL Injection Remote Code Execution (APSA13-02; CVE-2013-0640)

A remote code execution vulnerability has been reported in Adobe Reader. The vulnerability is due to a DLL injection while handling malformed PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an...

AI score: 8 | EPSS: 0.86979
Exploits: 4

Packet Storm
added 2012/08/15 12:0 a.m. | 31 views

globalSCAPE CuteZIP Stack Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/zip' class Metasploit3 'globalSCAPE CuteZIP...

AI score: 0.6
Exploits: 0

Check Point Advisories
added 2012/07/02 12:0 a.m. | 0 views

Adobe Photoshop TIFF Parsing Heap Buffer Overflow

A remote code execution vulnerability has been reported in Adobe Photoshop. The vulnerability is due to a heap buffer overflow when handling specially crafted TIFF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file using an...

AI score: 8.5
Exploits: 0

Zero Day Initiative
added 2010/03/11 12:0 a.m. | 23 views

Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments ...

CVSS: 8.5 | AI score: 7.5
Exploits: 0 | References: 1

Check Point Advisories
added 2009/07/24 12:0 a.m. | 3 views

Update Protection against Joomla! HTTP Header Script Injection

Joomla! is a content management system (CMS) designed for building Web sites and online applications. Joomla! fails to parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that can be executed in the context of a target user browser...

AI score: 6.9
Exploits: 0

Check Point Advisories
added 2009/04/13 12:0 a.m. | 1 views

Update Protection against Microsoft Windows GDIplus GpFont.SetData Integer Overflow

A vulnerability has been reported in Microsoft Windows Graphics Device Interface (GDI). GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. The vulnerability occurs when an application that uses the affected...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.16327
Exploits: 1

exploitpack
added 2006/05/01 12:0 a.m. | 24 views

Invision Power Board 2.1.5 - from_contact SQL Injection

Invision Power Board 2.1.5 - from_contact SQL Injection !/usr/bin/perl IPB =2.1.4 exploit possibly 2.1.5 too Brought to you by the Ykstortion security team. The bug is in the pm system so you must have a registered user. The exploit will extract a password hash from the forum's database of the...

AI score: 0.3
Exploits: 0