2565 matches found
JVN#66984217: MATCHA INVOICE vulnerable to code injection
MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute...
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
MakeSFX.exe 1.44 - Local Stack Buffer Overflow ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: ================================ freeextractor.sourceforge.net/FreeExtractor...
Apple iOS Webkit Memory Corruption Vulnerability (CNVD-2015-06181)
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A memory corruption vulnerability exists in Webkit used by Apple iOS, which allows attackers to construct a malicious web page and trick users into parsing it, which could crash the application or execute...
HP Intelligent Provisioning Arbitrary Code Execution Vulnerability
HP Intelligent Provisioning is a set of server configuration tools developed by Hewlett-Packard HP. A security vulnerability exists in HP Intelligent Provisioning. A remote attacker could exploit this vulnerability to execute arbitrary code...
Code injection
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service Embedded Services Processor crash via a crafted 1 IPv4 or 2 IPv6 packet, aka Bug ID CSCsw69990...
Elasticsearch Logstash Security Bypass Vulnerability (CNVD-2015-05626)
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security bypass vulnerability exists in Elasticsearch Logstash. An attacker can exploit this vulnerabilit...
Apple OS X suffers from unspecified Admin privilege acquisition vulnerability
Apple OS X is a BSD-based operating system distributed by Apple. Apple OS X suffers from a memory corruption vulnerability that allows attackers to exploit the vulnerability to gain admin privileges...
phpFileManager 0.9.8 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF Remote Backdoor Shell Google Dork: intitle: CSRF Remote Backdoor Shell Date: 2015-07-29 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: phpfm.sourceforge.net Software Link:...
Hikvision DS-7108HWI-SH XML External Entity Injection Vulnerability
Hikvision DS-7108HWI-SH is a digital video recorder product from Hikvision. An XML external entity injection vulnerability exists in the Hikvision DS-7108HWI-SH, which allows an attacker to exploit the vulnerability to obtain sensitive information or conduct denial-of-service attacks via special...
t1utils Buffer Overflow Vulnerability
t1utils is a library for manipulating PostScript Type 1 fonts. A buffer overflow vulnerability exists in t1utils that could be exploited by an attacker to execute arbitrary code or conduct a denial of service attack...
Microsoft Windows Journal File Handling Arbitrary Code Execution Vulnerability (CNVD-2015-03113)
Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows' handling of specially crafted Journal .jnt files allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by a user and can be used in an application context...
Apple Mac OS X ATS fontd local elevation of privilege vulnerability
Apple Mac OS X is a popular operating system. Apple Mac OS X has a security vulnerability in ATS fontd that allows local attackers to exploit the vulnerability to elevate privileges...
wpsploit
WPSploit WPSploit - Exploiting WordPress With Metasploi...
Fedora abrt competitive conditions vulnerability
Fedora is an open, innovative and forward-thinking operating system and platform based on Linux.ABRT is an automated bug detection and reporting tool. A competitive condition vulnerability exists in Fedora abrt. An attacker can exploit this vulnerability to gain privileges...
Citrix Netscaler NS10.5 HTTP Header Contamination WAF Bypass Vulnerability
Citrix NetScaler is a network traffic management product A security vulnerability exists in Citrix NetScaler that allows attackers to exploit a vulnerability to bypass WAF protection via HTTP header pollution for unauthorized access...
Unspecified Vulnerability in HP ArcSight Enterprise Security Manager
HP ArcSight Enterprise Security Manager ESM is a suite of advanced security event managers for analyzing and correlating every event from Hewlett-Packard HP in the United States. The manager supports real-time threat detection, log collection and archiving, network security forensic analysis, and...
Foxit Reader Update Service Insecure Service Path Elevation of Privilege Vulnerability
Foxit Reader is a popular application for working with PDF files. A security vulnerability in the Foxit Reader update service allows an attacker to exploit a special executable to trick the update service into executing a file due to the program's failure to properly handle the service path...
Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-01649)
Microsoft Internet Explorer is a popular WEB browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to construct a malicious web page and trick a user into parsing it, which could crash the application or execute arbitrary code...
Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability (CNVD-2015-01124)
The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A denial of service vulnerability exists in the Cisco Adaptive Security Appliance ASA Software, which can be exploited by attackers to launch denial of service attacks...
Adobe Flash Player suffers from unspecified vulnerability (CNVD-2015-00632)
Adobe Flash Player is a Flash file handling program. An unspecified vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to cause the affected application to crash or compromise the affected system...