1913 matches found

CNVD
added 2015/03/12 12:0 a.m. | 3 views

pngcrush Remote Code Execution Vulnerability

pngcrush is an image optimization and compression tool. A security vulnerability exists in pngcrush: an attacker can construct a malicious file and induce the application to parse it, which can crash the application or execute code...

7.8 CVSS | 7 AI score | 0.00406 EPSS
Exploits: 0 | References: 1

OSV
added 2015/02/25 12:0 a.m. | 0 views

UBUNTU-CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...

6.8 CVSS | 6.6 AI score | 0.01526 EPSS
Exploits: 0 | References: 6

CNVD
added 2015/02/12 12:0 a.m. | 2 views

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-01120)

Microsoft Internet Explorer is a web-based browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to construct a malicious web page and trick a user into parsing it, which could crash the application or execute arbitrary code...

9.3 CVSS | 7.4 AI score | 0.24067 EPSS
Exploits: 0 | References: 1

Symantec
added 2015/02/10 12:0 a.m. | 23 views

Microsoft Internet Explorer CVE-2015-0030 Remote Memory Corruption Vulnerability

Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

9.3 CVSS | 0.22023 EPSS
Exploits: 0 | Affected Software: 10

UbuntuCve
added 2015/02/06 12:59 a.m. | 22 views

CVE-2015-0317

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319...

10 CVSS | 6.2 AI score | 0.08751 EPSS
Exploits: 0 | References: 2

CNVD
added 2015/02/06 12:0 a.m. | 1 views

Adobe Flash Player suffers from an unspecified null pointer reference vulnerability (CNVD-2015-00949)

Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from an unspecified null pointer reference vulnerability: an attacker can construct a malicious SWF file and trick a user into parsing it, which can execute arbitrary code in the application context...

10 CVSS | 7.7 AI score | 0.08682 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/02/06 12:0 a.m. | 1 views

Adobe Flash Player suffers from unspecified memory corruption vulnerability (CNVD-2015-00964)

Adobe Flash Player is a Flash file handling program. An unspecified memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to construct a malicious SWF file and trick a user into parsing it, which can execute arbitrary code in the application context...

10 CVSS | 7.5 AI score | 0.1143 EPSS
Exploits: 4 | References: 1

CNVD
added 2015/02/06 12:0 a.m. | 1 views

Adobe Flash Player suffers from unspecified null pointer reference vulnerability (CNVD-2015-00941)

Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from an unspecified null pointer reference vulnerability: an attacker can construct a malicious SWF file and trick a user into parsing it, which can execute arbitrary code in the application context...

10 CVSS | 7.7 AI score | 0.06586 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/01/30 12:0 a.m. | 1 views

Apple TV and iOS .dfont file memory corruption vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. A memory corruption vulnerability exists in the way Apple TV and iOS handle...

7.5 CVSS | 7.3 AI score | 0.03229 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/01/30 12:0 a.m. | 1 views

Apple TV and iOS Font File Handling Buffer Overflow Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. A buffer overflow vulnerability exists in the way Apple TV and iOS handle font files,...

6.8 CVSS | 7.5 AI score | 0.02074 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/01/30 12:0 a.m. | 1 views

Apple TV and iOS XML Parser Buffer Overflow Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. A buffer overflow vulnerability exists in the processing of XML files in App...

7.5 CVSS | 7.5 AI score | 0.02977 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2015/01/29 12:0 a.m. | 107 views

PHP 5.6.x < 5.6.5 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.5. It is, therefore, affected by multiple vulnerabilities: - A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine could allow a remote attacker to cau...

7.5 CVSS | 7.3 AI score | 0.87334 EPSS
Exploits: 8 | References: 10

CNVD
added 2015/01/22 12:0 a.m. | 1 views

Unspecified Vulnerability in Oracle SOA Suite B2B Engine Subcomponent

Oracle SOA Suite is a comprehensive, hot-pluggable software suite for building, deploying, and managing service-oriented architectures (SOA). A security vulnerability exists in the Oracle SOA Suite B2B Engine subcomponent that could be exploited by a local attacker to execute arbitrary code...

4.6 CVSS | 7.1 AI score | 0.00092 EPSS
Exploits: 0 | References: 1

Mageia
added 2015/01/19 4:47 p.m. | 23 views

Updated coreutils packages fix CVE-2014-9471

Updated coreutils packages fix security vulnerability: Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code (CVE-2014-9471)...

7.5 CVSS | 6.8 AI score | 0.04258 EPSS
Exploits: 1 | References: 2

CNVD
added 2015/01/19 12:0 a.m. | 2 views

SAP NetWeaver Dispatcher Buffer Overflow Vulnerability

SAP NetWeaver is an integrated application platform based on professional standards that significantly reduces the complexity of system integration. A buffer overflow vulnerability exists in SAP NetWeaver Dispatcher, which could be exploited by remote attackers to execute arbitrary code or to den...

6.5 CVSS | 8 AI score | 0.01682 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/01/07 12:0 a.m. | 2 views

AdaptCMS Arbitrary File Upload Vulnerability

AdaptCMS is a content management system. An arbitrary file upload vulnerability exists in AdaptCMS that could be exploited by an attacker to upload arbitrary files to an affected computer, which could result in the execution of arbitrary code within the context of the application...

6.5 CVSS | 7.6 AI score | 0.04493 EPSS
Exploits: 2 | References: 1

exploitpack
added 2015/01/05 1:28 p.m. | 13 views

ALLPlayer-5.8.1-(.m3u)-

Exploit Title: ALLPlayer 5.8.1 - .m3u Buffer Overflow SEH Date: Mar 1 2014 Exploit Author: Gabor Seljan Software Link: http://www.allplayer.org/download/allplayer Version: 5.8.1 use strict; use warnings; my $filename = "sploit.m3u"; my $junk1 = "\x41" x 301; Offset to SEH my $nSEH = "\x61\x50";...

7.5 AI score
Exploits: 0

CVE
added 2014/12/25 9:0 p.m. | 82 views

CVE-2014-2217

CVE-2014-2217 describes an absolute path traversal in the RadAsyncUpload control of Telerik UI for ASP.NET AJAX, affecting versions before Q3 2012 SP2. An attacker can supply a full pathname in the UploadID metadata to write arbitrary files on the server and potentially execute arbitrary code. Th...

7.5 CVSS | 9.6 AI score | 0.0177 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2014/12/12 3:59 p.m. | 4 views

CVE-2014-6407

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

7.3 AI score
Exploits: 0 | References: 6

OSV
added 2014/12/10 3:59 p.m. | 1 views

DEBIAN-CVE-2014-8097

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1)...

6.5 CVSS | 7.2 AI score | 0.01297 EPSS
Exploits: 0 | References: 1