13538 matches found
Microsoft Windows Library Loading Remote Code Execution (MS15-132: CVE-2015-6133)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...
GnuTLS DistinguishedName Decoding Double Free (CVE-2015-6251)
A double-free vulnerability has been reported in GnuTLS. The vulnerability is due to an error within gnutlsx509dntostring while processing very long Distinguished Name values in X.509 certificates. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate ...
Websense Triton Content Manager handle_debug_network Stack Buffer Overflow (CVE-2015-5718)
A stack buffer overflow vulnerability exists in Websense Triton Content Manager. The vulnerability is due to calling "strcpy" without boundary checking. A remote unauthenticated attacker can overflow the "dest" buffer in "handledebugnetwork"...
ManageEngine Multiple Products Multiple SQL Injections (CVE-2014-7868)
An SQL injection vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to insufficient input validation of the OPMBVNAME parameter when processing requests using the APMBVHandler servlet. A remote attacker can exploit this vulnerability to inject and...
Samsung iPOLiS Device Manager WriteConfigValue Stack Buffer Overflow (CVE-2015-0555)
A stack-based buffer overflow vulnerability exists in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation of a parameter passed to WriteConfigValue of the XnsSdkDeviceIpInstaller ActiveX control. A remote attacker can exploit this vulnerability by enticing a...
Microsoft IIS 5.0 ISAPI Internet Printing Protocol Extension Buffer Overflow - Ver2 (CVE-2001-0241)
A buffer overflow in this extension IIS 5.0 can permit remote attackers to execute arbitrary code on the web server with the same privileges as the web server. The ISAPI .printer extension permits the submitting and controlling of print jobs over HTTP. There exists an unchecked buffer in the Host...
SOAPUI Remote Code Execution - Ver2 (CVE-2014-1202)
A code execution vulnerability has been reported in Eviware SoapUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0037)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Advantech ADAMView Conditional Bitmap Remote Code Execution (CVE-2014-8386)
A stack-buffer overflow has been reported in Advantech ADAMView. The vulnerability is due to insufficient validation of conditional bitmaps from a file...
VLC Media Player ABC File Parsing Buffer Overflow - Ver2 (CVE-2013-4233)
A buffer overflow vulnerability has been reported in VLC Media Player's ABC file parsing. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Rocket Servergraph Admin Center fileRequestor Directory Traversal - Ver2 (CVE-2014-3914)
A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...
Microsoft Host Integration Server Remote Command Execution (MS08-059) - Ver2 (CVE-2008-3466)
Microsoft Host Integration Server HIS is a gateway application that provides host access and integration, extending Microsoft Windows to other systems by integrating mission-critical host applications, data sources, messaging, and security systems. . A remote code execution vulnerability has been...
SePortal staticpages SQL Injection (CVE-2008-5191)
An SQL injection vulnerability has been reported in SePortal. A remote attacker may exploit this issue by executing arbitrary SQL commands via the pollid parameter to pool.php and the spid parameter to staticpages.php. Successful exploitation could cause an SQL statement execution on the server,...
GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)
A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...
ProShow Gold file based Buffer Overflow - Ver2 (CVE-2009-3214)
A buffer overflow vulnerability has been reported in Photodex Proshow Gold. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (MS07-061) - Ver2 (CVE-2007-3896)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Windows Internet Explorer 7. The vulnerability occurs when Windows does not correctly handle specially crafted URLs or URIs that are passed to it. There are a...
Microsoft Excel Column Record Handling Memory Corruption (MS07-002) - Ver2 (CVE-2007-0030)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
Zavio IP Camera Firmware 1.6.03 Authentication Bypass - Ver2 (CVE-2013-2567)
An authentication bypass vulnerability has been reported in the Zavio IP Camera firmware. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Microsoft Word Section Table Array Buffer Overflow - Ver2 (CVE-2007-0515)
A buffer overflow vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a flaw in the Section Table entry inside the Table Stream structure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
KingView ActiveX Control Directory Traversal - Ver2 (CVE-2013-6128)
A directory traversal vulnerability has been reported in Wellintech Kingview. Successful exploitation of this vulnerability would allow a remote attacker to list directories, create arbitrary files and subsequently execute arbitrary code on the affected system...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)
An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
WordPress Plugin AdRotate SQL Injection (CVE-2014-1854)
An SQL injection vulnerability has been reported in the AdRotate plugin for WordPress. Remote attacker can exploit this vulnerability to execute arbitrary SQL commands on the target...
B-net Software Content Management System shout.php name Parameter XSS - Ver2 (CVE-2006-0078)
A cross-site scripting vulnerability has been reported in Haddad Said B-net Software 1.0. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Novell Client EnumPrinters Buffer Overflow - Ver2 (CVE-2008-0639)
A buffer overflow vulnerability has been reported in Novell Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
G-neric Generic MembreManager.php include-path Parameter PHP Code Execution - Ver2 (CVE-2007-0584)
A code execution vulnerability has been reported in G-neric Php Generic Library And Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
XnView PCT File Processing Buffer Overflow (CVE-2013-2577)
A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution ...
Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)
The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...
Tiki Wiki PHP unserialize() Remote Code Execution (CVE-2012-0911)
A remote code execution vulnerability has been reported in Tiki Wiki...
Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)
A vulnerability exists in SSL library. Remote attacker could construct a specially crafted SSL negotiation packet that could cause the library to crash...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer 8. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
SCADA DaqFactory HMI NETB Request Overflow (CVE-2011-3492)
Stack-based buffer overflow has been reported in Azeotech DAQFactory. The vulnerability is due to insufficient validation of incoming NETB requests to UDP port 20034. A remote attacker could exploit this vulnerability by sending a malicious request to the affected service. Successful exploitation...
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)
An arbitrary code execution vulnerability has been reported in the management GUI in Symantec Web Gateway...
Internet Explorer execCommand Use-After-Free (CVE-2012-4969)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer...
Novell ZENworks LaunchHelp.dll ActiveX Control Code Execution (CVE-2011-2657)
A remote code execution vulnerability has been reported in Novell ZENworks ActiveX control...
Internet Explorer Option Element Memory Corruption (MS11-081; CVE-2011-1996)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access objects that have not been initialized or have been deleted. A remote attacker could trigger this vulnerability by enticing an...
Microsoft Windows Common Control Library Heap Buffer Overflow (MS10-081; CVE-2010-2746)
The common controls are a set of windows that are implemented by the common control library, Comctl32.dll, which is a DLL included with the Windows operating system. Like other control windows, a common control is a child window that an application uses in conjunction with another window to enabl...
Adobe Shockwave Player CSWV Record Length Memory Corruption (APSB10-25; CVE-2010-4087)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A memory corruption vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due t...
Workaround for Microsoft Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-076)
A remote code execution vulnerability has been reported in the way Microsoft Windows Embedded OpenType EOT font technology parses certain tables in specially crafted embedded fonts. Embedded OpenType EOT fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploi...
Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)
There exists a buffer overflow vulnerability in Sun Java Runtime Environment JRE. The vulnerability is caused due to improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...
Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031; CVE-2010-0815)
Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...
Novell Netware FTP Server Remote Stack Buffer Overflow (CVE-2010-0625)
Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. Netware FTP Server software supplies service for transferring files to and from Netware volumes. File transfers can be performed using any FTP client. A buffer...
Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)
The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...
Oracle Database Server Workspace Manager Multiple SQL Injection (CVE-2008-3982)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Microsoft Windows GDIplus PNG Chunk Processing Integer Overflow (MS09-062; CVE-2009-2501; CVE-2013-1331)
An integer overflow vulnerability exists in Microsoft Windows GDI+. The vulnerability is due to lack of input validation when Microsoft Windows GDI+ handles PNG files. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted PNG file. Successful...
Update Protection against IBM Tivoli Storage Manager Client CAD Service Buffer Overflow
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Client software, a backup designed to protect data from failures and other errors by storing backups and archiving data. The vulnerability is due to a boundary error in the Client Acceptor Daemon CAD service while processing a...
Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow (CVE-2007-2795)
Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is a server-side implementation of the IMAP protocol. There exists a heap overflow vulnerability in Ipswitch IMail Server IMAP component. The...
Ipswitch IMail Web Calendaring Arbitrary File Read (CVE-2005-1252)
The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using HTTP protocol...
Microsoft Windows MP3 File Media Playback Memory Corruption (MS09-047; CVE-2009-2499)
MPEG-1 Audio Layer 3 MP3 is a file format which uses lossy compression to compress audio information. A remote code execution vulnerability has been reported in the way Microsoft Windows handles specially crafted MP3 media files. The vulnerability is due the Windows component responsible for...
Internet Explorer Memory Corruption (MS09-034; CVE-2009-1917)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way that Internet Explorer handles a memory object. When Internet Explorer attempts to access an object that has been deleted, memory may be corrupted in such a way that an...