352 matches found
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...
Microsoft Windows AppX Deployment Service Junction Arbitrary File Deletion Vulnerability
This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX...
Webmin <= 1.930 XXE Vulnerability
Webmin is prone to an authenticated XXE vulnerability in xmlrpc.cgi.
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a PHP object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...
Oracle MySQL Connectors Multiple Vulnerabilities (Apr 2019 CPU)
The version of Oracle MySQL Connectors installed on the remote host is 8.0.x prior to 8.0.16 or 5.3.x prior to 5.3.13. It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in Connector/J subcomponent. An...
Arbitrary Code Execution
Firefox is vulnerable to arbitrary code execution attacks. A remote user could create specially crafted content that, when loaded by the target user, leads to arbitrary code execution on the target user's system...
Input Validation
RubyGems is vulnerable to input validation errors. A remote, unauthenticated attacker could create a specially crafted RubyGem that, when installed by the target user, will allow the attacker to overwrite arbitrary files on the target system...
Information Disclosure
The Linux kernel is vulnerable to information disclosure attacks. A local user could exploit a flaw in the inet_diag_msg_sctpaddrs_fill, inet_diag_msg_sctpladdrs_fill, and sctp_get_sctp_info functions in 'net/sctp/sctp_diag.c' to obtain potentially sensitive information in portions of slab memory on the target...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: FTS component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...
Improper Access Control
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Memcached component to partially modify data and cause denial of service conditions, leading to a frequently repeatable crash on the target system...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote authenticated user could exploit a flaw in the Server: Optimizer component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Optimizer component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Memcached component which allows unauthorized attackers to cause a frequently repeatable crash on the target system...
Arbitrary Code Execution
Java SE is vulnerable to arbitrary code execution attacks. A remote authenticated user can exploit a flaw in the Scripting component to access and modify data on the target system...
Privilege Escalation
Firefox is vulnerable to privilege escalation attacks. A specially crafted WebExtension script may invoke the 'data:' protocol to access data from pages loaded by other web extensions to gain elevated privileges. This leads to disclosure of sensitive information on the target system...
Information Disclosure
Firefox is vulnerable to information disclosure attacks. Because hash codes of JavaScript objects are shared between pages, a remote user can determine an object's address via the shared hash codes. This may lead to disclosure of sensitive information from the target system...
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
LG SuperSign EZ CMS 2.5 Remote Code Execution (CVE-2018-17173)
A remote code execution vulnerability exists in LG SuperSign EZ CMS. Successful exploitation could result in arbitrary code execution on the target system...