610 matches found
Adobe Flash Player <= 27.0.0.159 Type Confusion Vulnerability (APSB17-32)
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.159. It is, therefore, affected by an unspecified type confusion flaw that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincin...
KB4049179: Security update for Adobe Flash Player (October 2017)
The remote Windows host is missing security update KB4049179. It is, therefore, affected by an unspecified type confusion flaw that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially...
The vulnerability of the browser plugin for the remote monitoring software Advantech WebAccess allows a perpetrator to execute arbitrary code.
The vulnerability of the web browser plugin of the remote monitoring software Advantech WebAccess is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
RHEL 6 : flash-plugin (RHSA-2017:1731)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1731 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to...
Ubisoft uPlay < 2.0.4 Browser Plugin RCE
According to its version number, the Ubisoft uPlay application installed on the remote host is prior to 2.0.4. It is, therefore, affected by a remote code execution vulnerability in the web browser plugin due to improper validation of user-supplied input passed via the '-orbitexepath' command lin...
Debian Security Advisory DSA 3792-1 (libreoffice - security update)
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information. OpenVAS Vulnerability Test $Id: deb3792.nasl 8091 2017-12-13 06:22:57Z teiss...
Cisco WebEx Browser Plugin Remote Code Execution Vulnerability
Cisco WebEx is a browser extension plug-in and part of the Cisco web conferencing software. A remote code execution vulnerability exists in the Cisco WebEx browser plug-in. The extension uses nativeMessaging, and an attacker can exploit the vulnerability to execute arbitrary code in a browser usi...
MS16-128: Security Update for Adobe Flash Player (3201860)
The remote Windows host is missing KB3201860. It is, therefore, affected by an arbitrary code execution vulnerability due to a use-after-free error. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to...
See how I use LastPass to get to all your password-vulnerability warning-the black bar safety net
Please note: the manufacturer has successfully fixed this issue, and the relevant information to inform a LastPass user. Vulnerability status: has been fixed. Repair time frame: 90 days. Vulnerability level: severe. Manufacturer: LastPass. Product: LastPass. Report Date: 2016/7/26. Vulnerability overvi...
WordPress Pdw File Browser Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Updated java packages fix CVE-2016-0636
Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions CVE-2016-0636. Also, the icedtea-web package has been updated to...
Oracle to Kill Java Plugin
It’s the end of an era. Oracle has announced its intent to nail the coffin shut on the Java browser plugin. The company confirmed Wednesday that it expects to deprecate the plugin in JDK 9, slated for release in September, and JRE, in a future Java SE release. Dalibor Topic, a member of Oracle’s...
CVE-2015-6467
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin...
Code injection
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin...
CVE-2015-6467
CVE-2015-6467 affects Advantech WebAccess (HMI/SCADA) prior to version 8.1. The vulnerability is a remote code execution via a browser plugin, allowing an attacker to run arbitrary code on the target. Connected sources confirm a remote-exploit scenario and that Advantech released WebAccess 8.1 to...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Adobe Flash Player for Mac <= 19.0.0.207 Vulnerability (APSB15-27)
The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 19.0.0.207. It is, therefore, affected by multiple vulnerabilities: - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. CVE-2015-7645, CVE-2015-7647,...
Adobe Shockwave Player <= 12.1.9.160 Multiple RCE (APSB15-22)
The remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to 12.1.9.160. It is, therefore, affected by multiple remote code execution vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to corrupt...