13 matches found
CVE-2020-27250
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014, a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-base...
CVE-2020-13579
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation...
CVE-2020-13579
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation...
PT-2020-3975 · Microsoft · Edge +2
Name of the Vulnerable Software and Affected Versions: Windows Text Service Module affected versions not specified Description: A remote code execution issue exists due to improper memory handling by the Windows Text Service Module, allowing an attacker to gain execution on a victim system. This...
Microsoft Browser Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Security Updates for Microsoft Office Products (February 2020) (macOS)
The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to Microsoft Excel improperly handling objects in memory. An attacker who successfully exploited the vulnerability...
Microsoft Browser Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve a...
Multiple Cobalt Personality Disorder
Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11799)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine in Edge renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
APC PowerChute Network Shutdown HTTP Response Splitting and Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/33924/info APC PowerChute Network Shutdown is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1785)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Nullsoft Winamp Advanced Module Format File Buffer Overflow
A remote code execution vulnerability has been reported in Nullsoft Winamp. The vulnerability is caused due to a heap buffer overflow while handling specially crafted Advanced Module Format .amf files. A remote attacker may trigger this vulnerability by enticing a user to open a specially crafted...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description iDefense labs discovered a problem within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. D...