13538 matches found
Microsoft Office Remote Code Execution (CVE-2017-0261)
A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...
Apache Archiva Command Injection (CVE-2020-9495)
A command injection vulnerability exists in Apache Archiva. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
SuperWebMailer Remote Code Execution (CVE-2020-11546)
A remote code execution vulnerability exists in SuperWebMailer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GoAhead Command Injection (CVE-2019-15311; CVE-2019-15310; CVE-2019-15312)
A command injection vulnerability exists in GoAhead. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
Joomla Saxum Astro Component SQL Injection (CVE-2018-7180)
A vulnerability exists in Saxum2003 astro 4.0.14. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Schneider Electric IGSSupdateservice Directory Traversal (CVE-2020-7478)
A directory traversal vulnerability exists in Schneider Electric IGSS SCADA System. The vulnerability is due to improper handling of a user-supplied path in IGSSupdateservice service...
Citrix Gateway Cache Bypass (CVE-2020-10111)
A cache bypass vulnerability exists in Citrix Gateway. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
OpenSMTPD Remote Code Execution (CVE-2020-8794)
A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Code Snippets Plugin Cross Site Request Forgery (CVE-2020-8417)
A cross site request forgery vulnerability exists in WordPress Code Snippets plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1335)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Security Feature Bypass (CVE-2019-0768)
A security bypass vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
SugarCRM Cross-Site Scripting (CVE-2018-17784)
A cross-site scripting vulnerability exists in SugarCRM 6.5.26. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
WellinTech KingView Buffer Overflow - Ver2 (CVE-2011-0406; CVE-2012-1830)
A buffer overflow vulnerability exists in WellinTech KingView. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Spring Web Flow SPEL Command Injection (CVE-2017-4971) - Ver2
A command injection vulnerability exists in Spring Web. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OrientDB Groovy Wrapper Remote Code Execution (CVE-2017-11467)
A remote code execution vulnerability exists in OrientDB server. The vulnerability is due privilege escalation when the server receives a specially crafted request. A remote attacker can exploit this vulnerability to gain privilege rights and execute arbitrary code...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8670)
A remote code execution Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8671)
An off-by-one vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to the way Microsoft Edge Chakra JavaScript engine renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...
Moodle Remote Code Execution (CVE-2017-2641)
A remote code execution vulnerability exists in Moodle. The vulnerability is due to object injection through a legacy user preferences setting. A remote attacker can exploit this vulnerability to execute PHP code at the vulnerable Moodle server...
Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure (CVE-2017-8225)
An information disclosure vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)
A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the responsetype parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code...
Microsoft Edge Memory Corruption (MS16-119: CVE-2016-3386)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Elevation of Privilege (MS16-014: CVE-2016-0040)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel verifies memory address. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted code...
Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)
Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...
Adobe Acrobat and Reader ToolButton Use After Free (APSB13-15) - Ver2 (CVE-2013-3346)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the handling of callback functions associated with ToolButton objects. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted file. Successful...
Internet Explorer Same Origin Policy Bypass (CVE-2015-0072)
A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by...
op5 Monitor license.php Remote Command Execution (CVE-2012-0261)
A command execution vulnerability has been reported in op5 Monitor. The vulnerability is due to an input validation flaw related to the system-op5config component. A remote attacker can exploit this vulnerability to execute arbitrary shell commands via command injection...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
Symantec Endpoint Protection Manager secars.dll Buffer Overflow (CVE-2013-1612)
A buffer overflow vulnerability exists in Symantec Endpoint Protection Manager SEPM. The vulnerability is caused by insufficient boundary check while processing external input. By supplying a crafted HTTP request to the vulnerable server, a remote unauthenticated attacker can possibly exploit thi...
Internet Explorer iepeers.dll Use-After-Free - Ver2 (CVE-2010-0806)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows InformationCardSigninHelper Class ActiveX Control Code Execution (MS13-090; CVE-2013-3918)
A remote code execution vulnerability exists in the InformationCardSigninHelper Class ActiveX control, icardie.dll...
Multiple Products DVR Configuration Disclosure (CVE-2013-1391)
A configuration disclosure vulnerability has been reported in the DVR web server of multiple vendors which allows authentication bypass. A remote attacker could get the unencrypted configuration file by requesting the "/DVR.cfg" without entering credentials. Successful exploitation of this...
HP LoadRunner WriteFileString Directory Traversal - ver 2 (CVE-2013-4798)
A directory traversal and file overwrite vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient input sanitization, which permits directory traversal in theWriteFileString method. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visi...
Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow (CVE-2013-0003)
A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...
Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow (CVE-2012-5960)
A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing service name URIs in the function called from the SSDP protocol parser. A remote attacker can exploit this vulnerability to execute...
Dries Buytaert Drupal Core OpenID Module Information Disclosure (CVE-2012-4554)
An information disclosure vulnerability has been reported in Dries Buytaert Drupal Core. The vulnerability is due to an input validation error when handling specially crafted OpenID responses. A remote attacker can exploit this issue by sending a specially crafted OpenID response to the target...
Ruby on Rails Hash SQL Injection (CVE-2012-2695)
An SQL injection vulnerability has been reported in Ruby on Rails Active Record...
phpBB viewtopic.php URL Decoding Code Execution (CVE-2004-1315)
A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...
Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046; CVE-2012-1854)
A remote code execution vulnerability has been reported in Microsoft Visual Basic for Applications VBA...
Novell Netware XNFS.NLM Stack Buffer Overflow (CVE-2010-4227)
Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. A stack buffer overflow vulnerability exists in Novell Netware product. A remote attacker could trigger this flaw by sending a malicious NFS RPC request to the...
Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow (CVE-2010-3552)
Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will allow execution of arbitrar...
Internet Explorer HtmlDlgHelper Class Memory Corruption (MS10-071; CVE-2010-3329)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. To trigger this issue, ...
Novell iManager Class Name Remote Buffer Overflow (CVE-2010-1929)
Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. A buffer overflow vulnerability exists in Novell iManager. The vulnerability is d...
HP OpenView NNM getnnmdata.exe CGI Hostname Parameter Buffer Overflow (CVE-2010-1555)
HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow vulnerability...
Internet Explorer CStyleSheet Uninitialized Memory Corruption (MS10-035; CVE-2010-1259; CVE-2010-1262)
Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. The vulnerabilities are due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigger this issue, an attacker may create a malicious web page...
IBM Lotus Domino Web Access ActiveX Controls Buffer Overflow (CVE-2007-4474)
IBM Lotus Domino Web Access is a Web browser-based client platform that provides functionality similar to that of IBM Lotus Notes. With Lotus Domino Web Access, the user can send encrypted rich text e-mails, schedule meetings, manage tasks, collaborate with colleagues and so on. There exists a...
Oracle Database Server MD2 package VALIDATE_GEOM procedure Buffer Overflow (CVE-2004-1364)
Oracle database can natively manage geographic and location data. MD2 is one of the packages installed to provide the location and spatial data operations. This package is owned by user MDSYS and granted public execution permission by default. An input validation vulnerability exists within a...
F-Secure Anti-Virus LHA Processing Buffer Overflow (CVE-2004-0234)
F-Secure Corporation protects individuals and businesses against computer viruses and other threats spreading through the Internet and mobile networks. F-Secure Anti-Virus is an anti-virus solution for both the enterprise and the desktop. It is available for both Windows and Linux. Additionally, ...
Microsoft WordPad and Office Text Converter Memory Corruption (MS09-073; CVE-2009-2506)
WordPad Text Converters allow users who do not have Microsoft Office Word installed to open documents in other Microsoft Windows applications. A remote code execution vulnerability has been reported in Microsoft WordPad and Office Word. The vulnerability is due to a memory corruption error in the...
mIRC PRIVMSG Message Processing Buffer Overflow (CVE-2008-4449)
Internet Relay Chat IRC is a form of instant messaging over the Internet. It is mainly designed for group communication in discussion forums called channels, but also allows one-to-one communication via private messages. mIRC is a popular IRC client for Microsoft Windows. There exists a buffer...
Preemptive Protection against Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands...