Microsoft Office Mail Attachment Containing Malicious Downloader

A Microsoft Office Mail attachment containing a malicious downloader was observed as part of Locky ransomware campaign. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the targe...

Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)

An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...

Microsoft Windows Media Center Remote Code Execution (MS15-100: CVE-2015-2509)

A flaw has been reported in Windows Media Center when parsing MCL files. This flaw could allow malicious users to execute arbitrary code on a target Windows system by enticing the victim to open a specially crafted Media Center file...

Adobe Flash Player Type Confusion (APSB15-16: CVE-2015-3122)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file. Successful...

Adobe Flash Player BitmapData Remote Code Execution (APSA15-04: CVE-2015-5123)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file. Successful...

Microsoft PowerPoint OfficeArt Atom Remote Code Execution (MS11-022) - Ver2 (CVE-2011-0976)

A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability...

Microsoft Excel File Format Code Execution (MS12-030) - Ver2 (CVE-2012-0141)

A remote code execution vulnerability has been reported in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel handles memory when opening specially crafted Excel files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted Exc...

Honeywell Falcon XL Web Controller Directory Traversal Vulnerability - Active Check

Honeywell Falcon XL Web Controller is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft DirectShow Size Validation Remote Code Execution (MS09-028) - Ver2 (CVE-2009-1539)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The vulnerability is due to an error in the Microsoft DirectShow component that fails to properly validate certain size fields within...

Microsoft Word RTF Object Parsing Memory Corruption (MS08-072) - Ver2 (CVE-2008-4030)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...

Microsoft Office Files Containing Malicious Downloader

Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...

Nuclear Exploit Kit Redirection

Nuclear Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...

webEdition 6.3.8.0 (SVN-Revision: 6985) - Path Traversal

No description provided by source. Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification:...

IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service Exploit

No description provided by source. Discovered by Dennis Yurichev [email protected] DB2TEST database should be present on target system GUEST account with QQ password shoule be present on target system from sys import from socket import sockobj = socketAFINET, SOCKSTREAM sockobj.connect argv1, 500...

NetGear MA521 Wireless Driver 5.148.724 Long Beacon Probe Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21175/info NetGear MA521 Wireless device is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory...

SIPS 0.2.2 User Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in...

Perception LiteServe 2.0 CGI Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further...

WSMP3 0.0.x Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7642/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system...

Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficien...

Microsoft SQL Server Payload Execution

No description provided by source. $Id: mssqlpayload.rb 11392 2010-12-21 20:36:34Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...