13538 matches found
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...
Cross-Site Scripting Scanning Attempt (CVE-2015-4661; CVE-2019-16385; CVE-2019-9167; CVE-2020-10946; CVE-2020-12261; CVE-2020-13228; CVE-2020-13627; CVE-2020-13628; CVE-2020-14953; CVE-2021-21801; CVE-2021-25080; CVE-2022-25305; CVE-2022-28102)
Remote attackers use Cross-Site Scripting scanning in order to locate potential Cross-Site Scripting vulnerabilities on a target server, which could be later used for attacks...
SQL Servers Time-based SQL Injection (CVE-2011-4710; CVE-2019-13978; CVE-2019-16065; CVE-2019-16119; CVE-2019-16383; CVE-2019-16692; CVE-2020-15468; CVE-2020-26518; CVE-2020-29284; CVE-2021-21915; CVE-2021-21916; CVE-2021-21917; CVE-2022-23337; CVE-2022-25149)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
Web Servers Malicious HTTP Request Directory Traversal (CVE-2005-3299; CVE-2014-7174; CVE-2022-1476; CVE-2022-29806)
There exists a directory traversal vulnerability On different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the parameters in request body for the directory traversal patterns. Successful exploitation allows unauthenticated remo...
Microsoft XMLHTTP Control Open Method Code Execution (MS06-071; CVE-2006-5745)
XML HTTP, an ActiveX control that is included in Microsoft XML Core Services MSXML, is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications...
ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)
ROBOT Detect Scanner is a vulnerability scanning product. Remote attackers can use ROBOT Detect Scanner to detect vulnerabilities on a target server...
Command Injection Over HTTP (CVE-2019-9166; CVE-2021-43936; CVE-2022-1813; CVE-2022-24086; CVE-2022-24193; CVE-2022-26536; CVE-2022-32092; CVE-2022-37810; CVE-2022-40048)
A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...
DrayTek Routers Buffer Overflow (CVE-2022-32548)
A buffer overflow vulnerability exists in DrayTek Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
IBM Rational Focal Point RequestAccessController Servlet Information Disclosure (CVE-2013-5398)
An information disclosure vulnerability has been reported in IBM Focal Point. The vulnerability is due to input validation error of file variable in com.telelogic.focalpoint.pres.controller.RequestAccessController servlet. A remote unauthenticated attacker could exploit this vulnerability to read...
Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6143)
A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in manipulating CAttrArray objects. Successful exploitation could cause memory corruption in a way that would allow attackers to execute code on the target...
Apple Safari Parent.Close User After Free - Ver2 (CVE-2010-1939)
A use-after-free vulnerability has been reported in Apple Safari. The vulnerability is due to an error in Apple Safari while handling the termination and subsequent referencing between child and parent windows. A remote attacker could trigger this vulnerability by enticing a vulnerable target to...
SQL Servers Unauthorized Commands SQL Injection - Ver2 (CVE-2014-3704)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. SQL injection techniques can be used by attackers to exploit the Drupal vulnerability. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or...
WordPress WP_Query SQL Injection (CVE-2022-21661)
An SQL injection vulnerability exists in WordPress WPQuery. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Fourtwosevenbb showthread.php ForumID Parameter SQL Injection - Ver2 (CVE-2006-0154)
An SQL injection vulnerability has been reported in 427BB Fourtwosevenbb. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Oracle 9i HTTP Server soapConfig.xml Access Information Disclosure - Ver2 (CVE-2002-0568)
An information disclosure vulnerability has been reported in Oracle 9i Application Server. A remote attacker could trigger this vulnerability by requesting XSQLConfig.xml or soapConfig.xml through a virtual directory. Successful exploitation of this vulnerability would allow a remote attacker to...
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
Microsoft Office Web Components are a collection of Component Object Model COM controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. A remote code execution vulnerability has been reported in Microsoft Office Web Components. A...
Boite de News index.php url_index Parameter PHP Code Execution - Ver2 (CVE-2006-4123)
A code execution vulnerability has been reported in Boite de News. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Light Weight Calendar index.php date Parameter PHP Code Execution - Ver2 (CVE-2006-0206)
A code execution vulnerability has been reported in Light Weight Calendar. The vulnerability is due to the application does not validating the 'date' variable upon submission to the 'index.php' script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrar...
MF Piadas admin.php page Parameter PHP Code Execution - Ver2 (CVE-2006-3323)
A cross-site scripting vulnerability has been reported in MF Piadas. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Update Protection against Microsoft Excel Vulnerabilities (MS06-037)
Microsoft Excel is prone to multiple vulnerabilities that may allow remote attackers to take any action with an affected system. When Excel opens a specially crafted Excel file that results from the processing of a malformed file, it may corrupt system memory, potentially allowing for remote code...
WoWRoster subdir Parameter PHP Code Execution - Ver2 (CVE-2006-3997)
A code execution vulnerability has been reported in WoWRoster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
Multiple remote code execution vulnerabilities have been reported in Microsoft Office Web Components ActiveX Controls. Microsoft Office Web Components are a collection of Component Object Model COM controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the publish...
Portable Executable (PE) 16-bit File (CVE-2010-0232; CVE-2011-2003)
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to...
Packet Sanity (CVE-1999-0193; CVE-1999-0675; CVE-2000-0221; CVE-2002-1071; CVE-2003-1029; CVE-2004-0247; CVE-2004-1109; CVE-2007-1804; CVE-2007-3026; CVE-2008-7127; CVE-2010-1185; CVE-2011-0975; CVE-2012-6638; CVE-2014-3000)
...
Update Protection against Windows Kernel Exception Handler Vulnerability (MS10-015)
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system, providing system level services such as device management and memory management. An attacker who successfully exploite...
Apache HTTP Server Server-Side Request Forgery (CVE-2021-40438)
A Server Side Request Forgery vulnerability exists in Apache HTTP Server. A remote attacker may exploit this issue by making a specially crafted HTTP request. Successful exploitation would allow attackers to create HTTP requests on behalf of the vulnerable server...
ISC BIND rndc Control Channel Interface Assertion Failure Denial of Service (CVE-2017-3138)
A denial-of-service vulnerability exist in ISC BIND. The vulnerability is due to improper handling of a null command string sent to rndc control channel interface. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the rndc control channel...
ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)
A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within module modcopy. Successful exploitation would result in arbitrary code execution on target system...
EMC CMCNE http-file-upload.war FileUploadController Arbitrary File Upload (CVE-2013-6810)
A code execution vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of http-fileupload .war when processing HTTP requests. A remote unauthenticated...
Hikvision Web Server Command Injection (CVE-2021-36260)
A command injection vulnerability exists in Hikvision Web Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Fourtwosevenbb Cookie-based Authentication Bypass - Ver2 (CVE-2006-0153)
An authentication bypass vulnerability has been reported in 427BB Fourtwosevenbb. A remote attacker could trigger this vulnerability by using a valid username and usertype and setting the authenticated cookie. Successful exploitation of this vulnerability would allow remote attackers to gain...
Cisco Secure ACS LogonProxy.cgi Cross-Site Scripting - Ver2 (CVE-2006-3101)
A cross-site scripting vulnerability has been reported in Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected system...
WibuKey Network Server Management Heap Overflow (CVE-2018-3991)
A heap overflow vulnerability exists in WibuKey Network Server Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Corel PaintShop Pro Insecure Library Loading (CVE-2013-0733)
A code execution vulnerability exists in Corel's PaintShop Pro...
Foxit Reader Annotations Point Use After Free (CVE-2018-9958)
A use-after-free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of an annotation object. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...
TinyPHPForum action.php txt Parameter Cross-Site Scripting - Ver2 (CVE-2006-0102)
A cross-site scripting vulnerability has been reported in TinyPHPForum. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
Hp Data Protector Remote Client EXEC_CMD Code Execution - Ver2 (CVE-2011-0923)
A remote code execution vulnerability exists in Hp Data Protector. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)
Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...
Internet Explorer Table Handling Memory Corruption (CVE-2010-3962)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigge...
Trend Micro objRemoveCtrl ActiveX Control Multiple Buffer Overflows - Ver2 (CVE-2008-3364)
Trend Micro OfficeScan is a centralized virus and security scan management system. A buffer overflow vulnerability has been reported in Trend Micro OfficeScan. The vulnerability is due to a boundary error in the OfficeScan ActiveX control objRemoveCtrl. To trigger this issue, an attacker may crea...
W3-Total-Cache Wordpress-plugin Username and Hash Extract (CVE-2012-6077)
An information disclosure vulnerability has been reported in W3 Total Cache Plugin for Wordpress...
GNUTurk mods.php t_id Parameter SQL Injection - Ver2 (CVE-2006-4867)
An SQL injection vulnerability has been reported in GNUTurk. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)
Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, Power Point and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to...
Turnkey Web Tools PHP Simple Shop abs-path Parameter PHP Code Execution - Ver2 (CVE-2006-4052)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Simple Shop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office RTF Stack Buffer Overflow (MS10-087; CVE-2010-3333)
RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. The vulnerability is due to an error in Microsoft Office that fails to...
OMRON CX-One CX-FLnet Type Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Type parameter of the FLN configuration file...
Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable PE files. A remote attacker could trigger this flaw by sending a...
Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. Multiple vulnerabilities have been identified in Adobe Shockwave Player. The vulnerabilities are due to...
Foxit Reader PDF Use After Free Code Execution (CVE-2018-9948)
A remote code execution vulnerability exists in Foxit Reader. The vulnerability is due to a use-after-free error in Foxit Reader while handling a specially crafted PDF file. Successful exploitation could lead to arbitrary code execution...
XiongMai uc-httpd Buffer Overflow (CVE-2018-10088)
A remote code execution vulnerability exists in XiongMai uc-httpd. The vulnerability is due to a buffer overflow. Successful exploitation would allow an attacker to execute arbitrary code on the target...