7680 matches found
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
[SECURITY] Fedora 22 Update: python3-3.4.2-8.fc22
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...
PT-2016-3244 · Apache +2 · Apache Xml-Rpc Library +2
Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. This is due to the library's failure to properly verify data from external...
Microsoft Internet Explorer Information Disclosure (MS16-084 : CVE-2016-3261)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling certain javascript memory objects. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
KLA10843 Code execution vulnerability in Microsoft JScript and VBScript engines
An improper objects handling was found in Microsoft JScript and VBScript. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed content. Technical details To mitigate this vulnerability you can restrict...
KLA10842 Multiple code execution vulnerabilities in Microsoft Office
An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files. Technical details To mitigate some of these...
SugarCRM PHP Object Injection Vulnerability (Jun 2016)
SugarCRM is prone to a PHP injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm";...
The vulnerability of the PHP interpreter, which allows a remote attacker to execute arbitrary code
The multiple vulnerabilities of the PHP interpreter are located in the ext/date/phpdate.c component. These vulnerabilities involve the use of memory after it has been freed. As a result of exploiting these vulnerabilities by a malicious actor operating remotely, arbitrary code can be executed usi...
The vulnerability of the Firefox browser allows a malicious attacker to compromise the confidentiality and integrity of protected information.
The vulnerability in the implementation of XrayWrapper in Mozilla Firefox allows malicious actors to bypass access restrictions by using a specially crafted web page, provided that the user visits it through a debugger. This enables operations such as unwrapping and calling DOM methods on unwrapp...
The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Windows OLE allows for the execution of code remotely, provided that the user opens a file containing a specially crafted OLE object. Exploiting this vulnerability enables the attacker to gain privileges similar to those of an authorized user. If the accessing user has...
Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability exists in Adobe AIR due to an incorrect limitation on the SWF file format. Exploiting this vulnerability allows malicious actors to execute attacks on JSONP endpoints using Cross-Site Request Forgery CSRF. They can also gain access to confidential information by using specially...
The vulnerability of the Internet Explorer browser, which allows a malicious individual to execute arbitrary code or trigger a service failure.
The Internet Explorer browser contains a vulnerability related to the use of memory after its release use-after-free error when processing C Markup objects. This vulnerability allows attackers to execute arbitrary code or cause a service failure through a specially created website...
The vulnerability of the Firefox ESR browser allows a malicious attacker to trigger a service failure or execute arbitrary code.
Mozilla Firefox ESR’s software contains a vulnerability in the nsXBLProtoImpl::InstallImplementation function. Exploiting this vulnerability allows an attacker to execute arbitrary code or trigger a service failure using JavaScript, which processes XBL objects in the same manner as XBL...
The vulnerability of the Internet Explorer browser, which allows a malicious actor to execute arbitrary code
The Internet Explorer browser contains a vulnerability related to the processing of VBScript objects stored in memory. Exploiting this vulnerability allows a malicious individual to execute arbitrary code in the context of the current user. If a user with administrative privileges accesses the...
The vulnerability of the Thunderbird email client allows a remote attacker to trigger a service failure or execute arbitrary code.
Mozilla Thunderbird’s software contains a vulnerability in the function nsXBLProtoImpl::InstallImplementation. Exploiting this vulnerability allows an attacker to execute arbitrary code or trigger a service failure using JavaScript, which processes XBL objects in the same manner as XBL itself...
The vulnerability of the SeaMonkey software package allows a malicious attacker to trigger a service failure or execute arbitrary code.
The SeaMonkey software contains a vulnerability in the nsXBLProtoImpl::InstallImplementation function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure using JavaScript, which processes XBL objects in the same way as XBL...
The vulnerability of the Internet Explorer browser, which allows a malicious individual to execute arbitrary code or trigger a service failure.
The Internet Explorer browser contains a vulnerability related to the use of memory after its release use-after-free error when processing C Markup objects. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or cause a service failure...
The vulnerability of the Internet Explorer browser, which allows a malicious actor to execute arbitrary code
Internet Explorer browser contains a vulnerability related to array indexing, which arises due to insufficient validation of data entered by users when working with CSS objects. Exploiting this vulnerability allows malicious actors to execute arbitrary code through a specially created website...
Stack overflow
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via 1 the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, 2 the CPName property value to...
CVE-2016-1606
The CVE-2016-1606 entry concerns Micro Focus Rumba/Rumba+ 9.4.x prior to 9.4 HF 13960, where multiple stack-based buffer overflows in COM objects allow remote code execution. Affected components include iconfig.dll (NetworkName, CPName), ProfEdit.dll (PrinterName, LUName), FtxBIFF.dll (WriteRecor...