Lucene search
7682 matches found

Cvelist
added 2017/12/20 2:0 p.m., 23 views

CVE-2017-14836

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate...

AI score 8.8, EPSS 0.00367
Exploits 0, References 2

Cvelist
added 2017/12/20 2:0 p.m., 16 views

CVE-2017-10957

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8, EPSS 0.00367
Exploits 0, References 2

Cvelist
added 2017/12/20 2:0 p.m., 21 views

CVE-2017-16577

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8, EPSS 0.00367
Exploits 0, References 2

RedHat Linux
added 2017/12/13 4:48 p.m., 2 views

OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 9.6, AI score 7.4, EPSS 0.00468
Exploits 0, References 4

Prion
added 2017/12/12 9:29 p.m., 21 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

CVSS 7.6, AI score 7.5, EPSS 0.76161
Exploits 27, References 3, Affected Software 2

Prion
added 2017/12/12 9:29 p.m., 34 views

Information disclosure

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due ...

CVSS 2.6, AI score 5, EPSS 0.58879
Exploits 4, References 3, Affected Software 1

Prion
added 2017/12/12 9:29 p.m., 25 views

Information disclosure

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to h...

CVSS 2.6, AI score 5, EPSS 0.58879
Exploits 4, References 4, Affected Software 1

RedHat Linux
added 2017/12/12 5:47 p.m., 1 view

Solr: Code execution via entity expansion

It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API...

CVSS 9.8, AI score 7.6, EPSS 0.93891
Exploits 11, References 5

Prion
added 2017/12/12 2:29 p.m., 17 views

Code injection

Denial of Service DOS in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service...

CVSS 4, AI score 6.4, EPSS 0.0055
Exploits 0, References 3, Affected Software 1

NVD
added 2017/12/12 2:29 p.m., 10 views

CVE-2017-16683

Denial of Service DOS in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service...

CVSS 6.5, AI score 6.4, EPSS 0.0055
Exploits 0, References 3

Cvelist
added 2017/12/12 2:0 p.m., 21 views

CVE-2017-16683

Denial of Service DOS in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service...

AI score 6.4, EPSS 0.0055
Exploits 0, References 3

CVE
added 2017/12/12 2:0 p.m., 44 views

CVE-2017-16683

The CVE-2017-16683 entry affects SAP Business Objects Platform Enterprise 4.10 and 4.20, describing a Denial of Service that could allow an attacker to prevent legitimate users from accessing the service. The connected documents confirm the affected product and the DoS impact but do not provide a...

CVSS 6.5, AI score 6.3, EPSS 0.0055
Exploits 0, References 3, Affected Software 1

Prion
added 2017/12/11 5:29 p.m., 20 views

Server side request forgery (ssrf)

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery SSRF attacks and consequentl...

CVSS 5, AI score 5.2, EPSS 0.00567
Exploits 0, References 3, Affected Software 1

NVD
added 2017/12/11 3:29 p.m., 20 views

CVE-2017-15708

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...

CVSS 9.8, AI score 9.9, EPSS 0.19899
Exploits 1, References 6

OSV
added 2017/12/11 6:29 a.m., 2 views

CVE-2017-11463

In Ivanti Service Desk formerly LANDESK Management Suite versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in...

CVSS 8.8, AI score 5.8, EPSS 0.01156
Exploits 0, References 2

CNVD
added 2017/12/07 12:0 a.m., 2 views

Palo Alto Networks PAN-OS Security Bypass Vulnerability (CNVD-2017-37959)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security bypass vulnerability exists in the Configuration File Export for Applications, Spyware, and Vulnerable Objects feature of the web interface in Palo Alto Networks PAN-OS...

CVSS 5.3, AI score 6.9, EPSS 0.00567
Exploits 0, References 1

RedHat Linux
added 2017/12/06 1:42 p.m., 3 views

OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 9.6, AI score 7.4, EPSS 0.00468
Exploits 0, References 4

Packet Storm
added 2017/12/06 12:0 a.m., 314 views

Microsoft Office Equation Editor Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office CVE-2017-11882', 'Description' = %q Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitra...

AI score 8.8, EPSS 0.94354
Exploits 33

CNVD
added 2017/12/05 12:0 a.m., 1 view

SAP Business Objects Financial Consolidation Cross-Site Scripting Vulnerability

SAP Business Objects is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The solution provides reporting, performance management, and data base functionality, and Financial Consolidation is one of the tools used to connect financial systems. A...

CVSS 6.1, AI score 6, EPSS 0.00301
Exploits 0, References 1

Prion
added 2017/12/03 7:29 a.m., 8 views

Cross site scripting

Cross-Site Scripting XSS exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292...

CVSS 4.3, AI score 5.9, EPSS 0.00301
Exploits 0, References 1