13538 matches found
VLC Media Player ABC File Parsing Buffer Overflow - Ver2 (CVE-2013-4233)
A buffer overflow vulnerability has been reported in VLC Media Player's ABC file parsing. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Rocket Servergraph Admin Center fileRequestor Directory Traversal - Ver2 (CVE-2014-3914)
A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...
Microsoft Host Integration Server Remote Command Execution (MS08-059) - Ver2 (CVE-2008-3466)
Microsoft Host Integration Server HIS is a gateway application that provides host access and integration, extending Microsoft Windows to other systems by integrating mission-critical host applications, data sources, messaging, and security systems. . A remote code execution vulnerability has been...
FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)
A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...
GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)
A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...
ProShow Gold file based Buffer Overflow - Ver2 (CVE-2009-3214)
A buffer overflow vulnerability has been reported in Photodex Proshow Gold. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (MS07-061) - Ver2 (CVE-2007-3896)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Windows Internet Explorer 7. The vulnerability occurs when Windows does not correctly handle specially crafted URLs or URIs that are passed to it. There are a...
Microsoft Excel Column Record Handling Memory Corruption (MS07-002) - Ver2 (CVE-2007-0030)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)
An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...
Zavio IP Camera Firmware 1.6.03 Authentication Bypass - Ver2 (CVE-2013-2567)
An authentication bypass vulnerability has been reported in the Zavio IP Camera firmware. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Microsoft Word Section Table Array Buffer Overflow - Ver2 (CVE-2007-0515)
A buffer overflow vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a flaw in the Section Table entry inside the Table Stream structure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)
An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
KingView ActiveX Control Directory Traversal - Ver2 (CVE-2013-6128)
A directory traversal vulnerability has been reported in Wellintech Kingview. Successful exploitation of this vulnerability would allow a remote attacker to list directories, create arbitrary files and subsequently execute arbitrary code on the affected system...
WordPress Plugin AdRotate SQL Injection (CVE-2014-1854)
An SQL injection vulnerability has been reported in the AdRotate plugin for WordPress. Remote attacker can exploit this vulnerability to execute arbitrary SQL commands on the target...
B-net Software Content Management System shout.php name Parameter XSS - Ver2 (CVE-2006-0078)
A cross-site scripting vulnerability has been reported in Haddad Said B-net Software 1.0. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Novell Client EnumPrinters Buffer Overflow - Ver2 (CVE-2008-0639)
A buffer overflow vulnerability has been reported in Novell Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
XnView PCT File Processing Buffer Overflow (CVE-2013-2577)
A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution ...
Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)
The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...
Tiki Wiki PHP unserialize() Remote Code Execution (CVE-2012-0911)
A remote code execution vulnerability has been reported in Tiki Wiki...
Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)
A vulnerability exists in SSL library. Remote attacker could construct a specially crafted SSL negotiation packet that could cause the library to crash...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer 8. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
SCADA DaqFactory HMI NETB Request Overflow (CVE-2011-3492)
Stack-based buffer overflow has been reported in Azeotech DAQFactory. The vulnerability is due to insufficient validation of incoming NETB requests to UDP port 20034. A remote attacker could exploit this vulnerability by sending a malicious request to the affected service. Successful exploitation...
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)
An arbitrary code execution vulnerability has been reported in the management GUI in Symantec Web Gateway...
Internet Explorer execCommand Use-After-Free (CVE-2012-4969)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer...
Novell ZENworks LaunchHelp.dll ActiveX Control Code Execution (CVE-2011-2657)
A remote code execution vulnerability has been reported in Novell ZENworks ActiveX control...
ProFTPD FTP Server TELNET_IAC Stack Buffer Overflow (CVE-2010-4221)
A remote code injection and execution vulnerability has been reported in ProFTPD FTP Server. The vulnerability is due to an error in the way boundary checks are implemented when processing Telnet escape sequences. A remote attacker may exploit this issue by sending a specially crafted FTP command...
Internet Explorer Option Element Memory Corruption (MS11-081; CVE-2011-1996)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access objects that have not been initialized or have been deleted. A remote attacker could trigger this vulnerability by enticing an...
Adobe Shockwave Player CSWV Record Length Memory Corruption (APSB10-25; CVE-2010-4087)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A memory corruption vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due t...
Workaround for Microsoft Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-076)
A remote code execution vulnerability has been reported in the way Microsoft Windows Embedded OpenType EOT font technology parses certain tables in specially crafted embedded fonts. Embedded OpenType EOT fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploi...
Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)
There exists a buffer overflow vulnerability in Sun Java Runtime Environment JRE. The vulnerability is caused due to improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...
Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031; CVE-2010-0815)
Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...
Novell Netware FTP Server Remote Stack Buffer Overflow (CVE-2010-0625)
Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. Netware FTP Server software supplies service for transferring files to and from Netware volumes. File transfers can be performed using any FTP client. A buffer...
Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)
The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...
Oracle Database Server Workspace Manager Multiple SQL Injection (CVE-2008-3982)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Microsoft Windows GDIplus PNG Chunk Processing Integer Overflow (MS09-062; CVE-2009-2501; CVE-2013-1331)
An integer overflow vulnerability exists in Microsoft Windows GDI+. The vulnerability is due to lack of input validation when Microsoft Windows GDI+ handles PNG files. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted PNG file. Successful...
Update Protection against Sun Java System Application Server HTTP TRACE Vulnerability
Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method which can be leveraged by attackers to gain access to sensitive user information. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. A local or remote...
IBM Tivoli Storage Manager Client CAD Service Buffer Overflow (CVE-2009-3853)
IBM Tivoli Storage Manager TSM Express is a backup solution which is designed to protect data from failures and other errors by storing backups and archiving data. The product is available for multiple platforms and various hardware architectures. A buffer overflow vulnerability exists in IBM...
Update Protection against IBM Tivoli Storage Manager Client CAD Service Buffer Overflow
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Client software, a backup designed to protect data from failures and other errors by storing backups and archiving data. The vulnerability is due to a boundary error in the Client Acceptor Daemon CAD service while processing a...
Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow (CVE-2007-2795)
Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is a server-side implementation of the IMAP protocol. There exists a heap overflow vulnerability in Ipswitch IMail Server IMAP component. The...
Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)
Portable Document Format PDF is a file format for documents based on the PostScript description language. One of the products that is widely used to read PDF files is Adobe Acrobat Reader. This product is available on different platforms, including many versions of UNIX and Linux. There is a...
Ipswitch IMail Web Calendaring Arbitrary File Read (CVE-2005-1252)
The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using HTTP protocol...
Microsoft Windows MP3 File Media Playback Memory Corruption (MS09-047; CVE-2009-2499)
MPEG-1 Audio Layer 3 MP3 is a file format which uses lossy compression to compress audio information. A remote code execution vulnerability has been reported in the way Microsoft Windows handles specially crafted MP3 media files. The vulnerability is due the Windows component responsible for...
Internet Explorer Memory Corruption (MS09-034; CVE-2009-1917)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way that Internet Explorer handles a memory object. When Internet Explorer attempts to access an object that has been deleted, memory may be corrupted in such a way that an...
Microsoft DirectShow Video ActiveX Control Stack Buffer Overflow (CVE-2008-0015)
The Microsoft Video Control object is a Microsoft ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. A stack buffer overflow vulnerability has been discovered in Microsoft DirectShow. The flaw is in the way Microsoft Video ActiveX contro...
Update Protection against Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
A buffer overflow vulnerability was reported in BEA WebLogic Server, an Application Server platform for large enterprise web applications. The vulnerability is due to a boundary error while parsing SSL certificates. A remote unauthenticated attacker can exploit this vulnerability by sending a...
Preemptive Protection against EMC VMware Workstation DHCP Service Integer Underflow Vulnerability
An integer underflow vulnerability has been reported in the VMware DHCP service. VMware Workstation is a virtualization technology that allows running multiple instances of virtual computers simultaneously with the hosting operating system. The Dynamic Host Configuration Protocol DHCP provides...
Security Best Practice: Protect Yourself against DNS Cache Poisoning
DNS cache poisoning occurs when false DNS records are injected into a DNS server's cache tables. Once the cache tables have been altered, a remote attacker may inspect, capture or corrupt any information exchanged between hosts on the network. By poisoning a DNS server, a remote attacker could, f...
Preemptive Protection against Microsoft XML Remote Code Execution Vulnerability (MS06-071)
XMLHTTP, an ActiveX control that is included in Microsoft XML Core Services MSXML, is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications...
GitLab Community and Enterprise Edition Cross-Site Scripting (CVE-2021-22242)
A stored cross-site scripting vulnerability exists in the Community edition and Enterprise edition of GitLab. The vulnerability is due to improper input validation...