CVE-2016-9498 ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...

Adobe Acrobat Pro DC WebLink rect Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within GSU...

SSE-C Cryptographic Flaw

github.com/minio/minio is vulnerable to cryptographic flaws. The vulnerability exists as there is a weakness in the derived key-encryption-key for SSE-C encrypted objects. The vulnerability allows malicious users to replace objects that are encrypted with the same client key as it was not bound t...

Chrome V8 KeyAccumulator Bug

Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of the result array of "Reflect.ownKeysarr". 2. The shift method invokes the...

typo3 -- multiple vulnerabilities

Typo3 core team reports: It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...

Microsoft Windows Denial of Service Vulnerability (CNVD-2018-15860)

Microsoft Windows 7, etc. are operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 7 is a set of operating systems for personal computers.Windows Server 2012 R2 is a set of server operating systems. A denial of service vulnerability exists in Microsoft Windows, which...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

Security feature bypass

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8308

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

Microsoft .NET Framework Multiple Vulnerabilities (KB4338420)

This host is missing an important security update according to Microsoft KB4338420. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Windows Multiple Vulnerabilities (KB4338815)

This host is missing a critical security update according to Microsoft KB4338815 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-12880)

Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from an information disclosure vulnerability. The vulnerability stems from Microsoft Edge failing to properly handle objects in memory. An attacker could exploit the vulnerability to obtain information that could further compromis...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8307

CVE-2018-8307 is a WordPad security feature bypass affecting multiple Windows versions (e.g., Windows 7, 8.1, 10, and corresponding Server editions) where embedded OLE objects are improperly handled. The vulnerability is described as a bypass of security features when WordPad processes OLE object...

Microsoft Windows WordPad Security Bypass Vulnerability

Microsoft Windows 7 and others are a series of operating systems released by Microsoft Corporation in the U.S. WordPad is one of the filters that is installed by default on all Windows systems. A security bypass vulnerability exists in Microsoft Windows WordPad, which arises from the program's...

.NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...

WordPad Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file...

Description of the security update for the security feature bypass vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: July 10, 2018

Description of the security update for the security feature bypass vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: July 10, 2018 Summary A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE...