13538 matches found
WoWRoster subdir Parameter PHP Code Execution - Ver2 (CVE-2006-3997)
A code execution vulnerability has been reported in WoWRoster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
Multiple remote code execution vulnerabilities have been reported in Microsoft Office Web Components ActiveX Controls. Microsoft Office Web Components are a collection of Component Object Model COM controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the publish...
qdPM Remote Code Execution (CVE-2020-7246)
A remote code execution vulnerability exists in qdPM. Successful exploitation of this vulnerability could result in execution of arbitrary code on the affected system...
Verot Class.upload.php Remote Code Execution (CVE-2019-19576; CVE-2019-19634)
A file upload vulnerability exists in class.upload.php. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Portable Executable (PE) 16-bit File (CVE-2010-0232; CVE-2011-2003)
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to...
Update Protection against Windows Kernel Exception Handler Vulnerability (MS10-015)
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system, providing system level services such as device management and memory management. An attacker who successfully exploite...
Zeroshell Remote Code Execution (CVE-2019-12725)
A remote code execution vulnerability exists in Zeroshell. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Packet Sanity (CVE-1999-0193; CVE-1999-0675; CVE-2000-0221; CVE-2002-1071; CVE-2003-1029; CVE-2004-0247; CVE-2004-1109; CVE-2007-1804; CVE-2007-3026; CVE-2008-7127; CVE-2010-1185; CVE-2011-0975; CVE-2012-6638; CVE-2014-3000)
...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...
ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)
A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within module modcopy. Successful exploitation would result in arbitrary code execution on target system...
Orbitals.com Orbital Viewer .orb Stack Buffer Overflow (CVE-2010-0688)
Orbital Viewer is a picture viewer and a drawing tool. A stack buffer overflow vulnerability has been reported in Orbital Viewer. The vulnerability is due to a boundary error when processing malformed .orb files. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Hikvision Web Server Command Injection (CVE-2021-36260)
A command injection vulnerability exists in Hikvision Web Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
ISC BIND rndc Control Channel Interface Assertion Failure Denial of Service (CVE-2017-3138)
A denial-of-service vulnerability exist in ISC BIND. The vulnerability is due to improper handling of a null command string sent to rndc control channel interface. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the rndc control channel...
EMC CMCNE http-file-upload.war FileUploadController Arbitrary File Upload (CVE-2013-6810)
A code execution vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of http-fileupload .war when processing HTTP requests. A remote unauthenticated...
WibuKey Network Server Management Heap Overflow (CVE-2018-3991)
A heap overflow vulnerability exists in WibuKey Network Server Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)
A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)
A remote code execution vulnerability, known as Stagefright Vulnerability, has been reported in Android devices core. The vulnerability is due to an integer overflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target or to crea...
Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)
A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...
Microsoft Windows WinVerifyTrust Signature Validation Code Execution (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows...
Foxit Reader and PhantomPDF Multiple Use After Free Vulnerabilities (CVE-2018-3940; CVE-2018-3941; CVE-2018-3942; CVE-2018-3943; CVE-2018-3944; CVE-2018-3945; CVE-2018-3946)
A remote code execution vulnerability exists in Foxit Reader and PhantomPDF. The vulnerability is due to a use-after-free error while handling a specially crafted PDF file. Successful exploitation could lead to arbitrary code execution. Additional CVEs: CVE-2018-3957, CVE-2018-3958, CVE-2018-3959...
Cisco Secure ACS LogonProxy.cgi Cross-Site Scripting - Ver2 (CVE-2006-3101)
A cross-site scripting vulnerability has been reported in Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected system...
FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
TP-LINK Cloud Cameras Command Injection (CVE-2020-12109)
A command injection vulnerability exists in TP-LINK Cloud Cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)
An arbitrary file upload vulnerability has been reported in Blueimp jQuery File Upload Plugin. The vulnerability is due to a fail to adequately sanitize user-supplied input. Successful exploitation of this vulnerability could result in arbitrary code execution...
TOTOLINK A7100RU Router Command Injection (CVE-2022-28575; CVE-2022-28577; CVE-2022-28578; CVE-2022-28579; CVE-2022-28580; CVE-2022-28581; CVE-2022-28582; CVE-2022-28583; CVE-2022-28584)
A command injection vulnerability exists in TOTOLINK A7100RU router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Foxit Reader Annotations Point Use After Free (CVE-2018-9958)
A use-after-free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of an annotation object. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...
Delta Electronics Delta Industrial Automation Buffer Overflow (CVE-2018-10594)
This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists when handling specially crafted packets. Successful exploitation of this vulnerability could result in the execution of arbitrary code...
Hp Data Protector Remote Client EXEC_CMD Code Execution - Ver2 (CVE-2011-0923)
A remote code execution vulnerability exists in Hp Data Protector. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload (CVE-2014-5005)
An arbitrary file upload vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the StatusUpdate page when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary...
TinyPHPForum action.php txt Parameter Cross-Site Scripting - Ver2 (CVE-2006-0102)
A cross-site scripting vulnerability has been reported in TinyPHPForum. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
GNUTurk mods.php t_id Parameter SQL Injection - Ver2 (CVE-2006-4867)
An SQL injection vulnerability has been reported in GNUTurk. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)
A PHP code injection vulnerability has been reported in DataLife Engine 9.7...
Apache Tika Command Injection (CVE-2018-1335)
A command injection vulnerability exists in Apache Tika. The vulnerability is due to improper validation of the HTTP requests. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)
Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...
Internet Explorer Table Handling Memory Corruption (CVE-2010-3962)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigge...
Cisco Firepower ASA Command Injection (CVE-2022-20828)
A command injection vulnerability exists in Cisco Firepower ASA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Strapi Remote Code Execution (CVE-2019-19609)
A remote code execution vulnerability exists in Strapi framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Netatalk Attention Quantum Out-of-bounds Write (CVE-2018-1160)
An out-of-bounds write vulnerability exists in Netatalk. This vulnerability is due to a missing bounds check. Successful exploitation could lead to arbitrary code execution with privileges of the root user...
Mozilla Firefox JIT escape Function Memory Corruption - Ver2 (CVE-2009-2477)
Mozilla Firefox is a web browser developed by Mozilla Foundation. The browser is capable of interpreting and rendering many types of content published on the Internet, including various versions of HTML, XML, XUL, JavaScript, and various graphic formats, and so on. The browser runs on Windows,...
Microsoft Office RTF Stack Buffer Overflow (MS10-087; CVE-2010-3333)
RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. The vulnerability is due to an error in Microsoft Office that fails to...
Turnkey Web Tools PHP Simple Shop abs-path Parameter PHP Code Execution - Ver2 (CVE-2006-4052)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Simple Shop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)
Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, Power Point and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to...
Tablib Databook Loading Functionality Remote Code Execution (CVE-2017-2810)
A remote code execution vulnerability exists in the Databook loading functionality of Python Tablib library. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress Core Remote Code Execution (CVE-2019-9787)
A remote code execution vulnerability exists in WordPress. The vulnerability is due to lack of protection against cross-site request forgery attack and improper validation of the comment content in the function which leads to stored cross-site scripting issue. Successful exploitation of this...
Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable PE files. A remote attacker could trigger this flaw by sending a...
Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)
A remote code execution vulnerability exists in Aerohive Networks HiveOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)
UNION Query-based SQL Injection Over HTTP Traffic...
CloudMe Sync Buffer Overflow (CVE-2018-6892)
A buffer overflow vulnerability exists in CloudMe Sync. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
OMRON CX-One CX-FLnet Type Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Type parameter of the FLN configuration file...