13538 matches found
Cisco Secure ACS LogonProxy.cgi Cross-Site Scripting - Ver2 (CVE-2006-3101)
A cross-site scripting vulnerability has been reported in Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected system...
Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)
An arbitrary file upload vulnerability has been reported in Blueimp jQuery File Upload Plugin. The vulnerability is due to a fail to adequately sanitize user-supplied input. Successful exploitation of this vulnerability could result in arbitrary code execution...
FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress MasterStudy LMS Plugin Privilege Escalation (CVE-2022-0441)
A privilege escalation exists in WordPress MasterStudy LMS plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Foxit Reader Annotations Point Use After Free (CVE-2018-9958)
A use-after-free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of an annotation object. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload (CVE-2014-5005)
An arbitrary file upload vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the StatusUpdate page when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary...
TinyPHPForum action.php txt Parameter Cross-Site Scripting - Ver2 (CVE-2006-0102)
A cross-site scripting vulnerability has been reported in TinyPHPForum. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
GNUTurk mods.php t_id Parameter SQL Injection - Ver2 (CVE-2006-4867)
An SQL injection vulnerability has been reported in GNUTurk. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Apache Tika Command Injection (CVE-2018-1335)
A command injection vulnerability exists in Apache Tika. The vulnerability is due to improper validation of the HTTP requests. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Hp Data Protector Remote Client EXEC_CMD Code Execution - Ver2 (CVE-2011-0923)
A remote code execution vulnerability exists in Hp Data Protector. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)
Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...
Internet Explorer Table Handling Memory Corruption (CVE-2010-3962)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigge...
Mozilla Firefox JIT escape Function Memory Corruption - Ver2 (CVE-2009-2477)
Mozilla Firefox is a web browser developed by Mozilla Foundation. The browser is capable of interpreting and rendering many types of content published on the Internet, including various versions of HTML, XML, XUL, JavaScript, and various graphic formats, and so on. The browser runs on Windows,...
Turnkey Web Tools PHP Simple Shop abs-path Parameter PHP Code Execution - Ver2 (CVE-2006-4052)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Simple Shop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office RTF Stack Buffer Overflow (MS10-087; CVE-2010-3333)
RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. The vulnerability is due to an error in Microsoft Office that fails to...
Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)
Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, Power Point and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to...
Tablib Databook Loading Functionality Remote Code Execution (CVE-2017-2810)
A remote code execution vulnerability exists in the Databook loading functionality of Python Tablib library. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable PE files. A remote attacker could trigger this flaw by sending a...
Microsoft Windows WinVerifyTrust Signature Validation Code Execution (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows...
OMRON CX-One CX-FLnet Type Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Type parameter of the FLN configuration file...
Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. Multiple vulnerabilities have been identified in Adobe Shockwave Player. The vulnerabilities are due to...
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
...
CloudMe Sync Buffer Overflow (CVE-2018-6892)
A buffer overflow vulnerability exists in CloudMe Sync. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Foxit Reader PDF Use After Free Code Execution (CVE-2018-9948)
A remote code execution vulnerability exists in Foxit Reader. The vulnerability is due to a use-after-free error in Foxit Reader while handling a specially crafted PDF file. Successful exploitation could lead to arbitrary code execution...
XiongMai uc-httpd Buffer Overflow (CVE-2018-10088)
A remote code execution vulnerability exists in XiongMai uc-httpd. The vulnerability is due to a buffer overflow. Successful exploitation would allow an attacker to execute arbitrary code on the target...
Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2016-3652)
A cross-site-scripting vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient input validation on user-supplied input. A remote attacker could exploit this vulnerability by enticing authenticated users to click on a crafted link...
HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)
A command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to...
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution (CVE-2013-0230)
A stack buffer overflow has been reported in MiniUPnP 1.0 SOAP. The vulnerability is due to a boundary error when processing SOAPAction HTTP requests. A remote attacker can exploit this issue by sending specially crafted requests. Successful exploitation would allow an attacker to inject and...
Adobe Reader and Acrobat Embedded BMP Memory Corruption (APSB12-01; CVE-2012-4373)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat...
Microsoft Office Visio DXF File Inserting Buffer Overflow - Improved Performance (CVE-2010-1681)
A buffer overflow vulnerability exists in Microsoft Office Visio. The vulnerability is due to a boundary error when parsing DXF files inserted into Visio documents. This vulnerability may be exploited by remote attackers by enticing a user to open a maliciously crafted Visio file with a vulnerabl...
Security Best Practice: SmartDefense Content Protection Defenses
The Content Protection defenses allow users of VPN-1 NGX R62, R61 and R60 to block malicious content over multiple protocols. The protection includes well known file types such as popular image files and Microsoft Office files that are prone to denial of service and remote code execution...
Advantech WebAccess Remote Code Execution (CVE-2018-15705; CVE-2018-15707)
An arbitrary file write and remote code execution vulnerabilities exist in Advantech WebAccess software. The vulnerabilities are due to the lack of input validation when processing the 'folderpath' parameter in an HTTP POST request. Successful exploitation could lead to remote code execution on t...
Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)
An information disclosure vulnerability exists in Hikvision IP cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Microsoft Graphics Device Interface Integer Overflow (MS13-089; CVE-2013-3901)
A remote code execution vulnerability has been reported in the Windows Graphics Device Interface GDI...
GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution (CVE-2012-2516)
A remote code execution vulnerability has been reported in GE Proficy Historian...
HP Data Protector Client EXEC_CMD Command Execution (CVE-2011-0923)
A remote code execution vulnerability has been reported in HP Data Protector. The vulnerability is due to insufficient input validation of arguments passed to the EXECCMD command. A remote attacker may exploit this vulnerability by sending a specially crafted request to an affected Data Protector...
AtomCMS SQL Injection (CVE-2022-24223)
An SQL injection vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)
p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...
Microsoft Windows Media Player MIDI Remote Code Execution (MS12-004; CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)
A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
ABB Panel Builder 800 Stack-based Buffer Overflow (CVE-2018-10616)
A stack-based buffer overflow exists in ABB Panel Builder. The vulnerability is due to an input validation error while processing a parameter for ABB Comli OPC driver setting...
Microsoft Browser Information Disclosure (CVE-2017-8529)
An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file...
RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...
Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...
FUEL CMS Remote Code Execution (CVE-2018-16763)
A command injection vulnerability exists in FUEL CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
qdPM Remote Code Execution (CVE-2020-7246)
A remote code execution vulnerability exists in qdPM. Successful exploitation of this vulnerability could result in execution of arbitrary code on the affected system...
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
WordPress Plugin WPGraphQL Information Disclosure (CVE-2019-9879; CVE-2019-9880; CVE-2019-9881)
An information disclosure vulnerability exists in WordPress Plugin WPGraphQL. A remote attacker could trigger this flaw by sending a crafted request. Successful exploitation may result in the disclosure of sensitive information...
Command Injection Over HTTP Payload (CVE-2013-6719; CVE-2013-6720; CVE-2020-26728; CVE-2022-30105)
A command Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)
A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to a CAttribute object being confused for a CAttrArray object by the PrivateFindInl method. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...