13538 matches found
Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
A remote code execution vulnerability exists in Microsoft Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Kylin Remote Code Execution (CVE-2020-1956)
A command execution vulnerability exists in Apache kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Libbpg Project Out of Bounds Write (CVE-2016-8710)
A remote code execution vulnerability exists in Libbpg project Libbpg. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sangoma FreePBX Authentication Bypass (CVE-2019-19006)
An authentication bypass vulnerability exists in Sangoma FreePBX. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized...
Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege (CVE-2018-0952)
An elevation of privilege vulnerability exists in Microsoft visual studio 2015 update3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SonicWall SMA100 and SRA Buffer Overflow (CVE-2019-7482)
A buffer overflow vulnerability exists in SonicWall SMA100 and SonicWall SRA systems. Successful exploitation could result in arbitrary code execution in the context of the affected application...
WordPress LearnDash Plugin SQL Injection (CVE-2020-6009)
An SQL injection vulnerability exists in the WordPress LearnDash Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Tutor LMS Plugin Cross Site Request Forgery (CVE-2020-8615)
A cross site request forgery vulnerability exists in WordPress Tutor LMS Plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the effected system...
Apache James Server Command Injection (CVE-2015-7611)
A command injection vulnerability exists in Apache James server. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
Microsoft Exchange Privilege Escalation (CVE-2019-0724)
An elevation of privilege vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess Stack-based Buffer Overflow (CVE-2018-17910)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. Successful exploitation could lead to arbitrary code execution on the affected...
Microsoft Internet Explorer Use After free (CVE-2019-1367)
A use-after-free vulnerability exists in Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1196)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PostgreSQL Remote Code Execution (CVE-2019-9193)
A remote code execution vulnerability exists in PostgreSQL. Successful exploitation of this vulnerability could result in arbitrary code execution on the victim machine...
Oracle Business Intelligence / XML Publisher XML External Entity Injection (CVE-2019-2616)
An XML External Entity Injection vulnerability exists in Oracle Business Intelligence and XML Publisher. Successful exploitation of this vulnerability could result in unauthorized access to critical data in Oracle BI Publisher...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0812)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office Remote Code Execution (CVE-2019-0801)
A remote code execution vulnerability exists in Microsoft Office. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
LG SuperSign EZ CMS 2.5 Remote Code Execution (CVE-2018-17173)
A remote code execution vulnerability is exist in LG SuperSign EZ CMS. Successful exploitation could result in arbitrary code execution on the target system...
Microsoft Windows Elevation of Privilege (CVE-2019-0543)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PhpSpreadsheet XML External Entity Injection (CVE-2018-19277)
An XML external entity injection vulnerability exists in PhpSpreadsheet library. The vulnerability is due to a failure to properly handle external entity references in XML files. A successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)
A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8298)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fortinet FortiOS SSH backdoor (CVE-2016-1909) - Ver2
An information disclosure vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft IIS Command Execution (CVE-2001-0500) - Ver2
A command execution vulnerability exists in Microsoft IIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Google Chrome Type Confusion (CVE-2018-6064)
A type confusion vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0934)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0866)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0834)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (CVE-2017-14078)
An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the id request parameter with getdepprofile action...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Viscom Software Movie Player Pro SDK ActiveX Buffer Overflow (CVE-2010-0356)
A buffer overflow vulnerability has been reported in Viscom Software Movie Player Pro SDK. The vulnerability is due to mishandling of an overly long string. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
IBM Lotus Notes encodeURI DOS (CVE-2017-1129)
A denial of service vulnerability exists in IBM Lotus Notes. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11793)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...
Nginx ngx_http_range_filter_module Integer Overflow (CVE-2017-7529)
An integer overflow vulnerability exists in Nginx. The vulnerability is due to insufficient validation of requested byte ranges...
Cisco Prime Collaboration Provisioning logconfigtracer.jsp Directory Traversal (CVE-2017-6621)
An information disclosure vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths when a request is sent to logconfigtracer.jsp page. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)
A remote Code Execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to insufficient check of parameter. By sending crafted request ,a remote attacker can place a file under a directory that allows server-side scripts to run...
Schneider Electric U.motion Builder localize.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability has been reported in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the username HTTP request parameter in requests made to localize.php. A remote, unauthenticated user can exploit this vulnerability by sending a crafted...
Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...
Microsoft Malware Protection Engine Remote Code Execution (CVE-2017-8541)
A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to arbitrary code execution...
Joomla com_fields Component SQL Injection (CVE-2017-8917)
An SQL injection vulnerability exists in Joomla comfields Component. Remote attackers may leverage this vulnerability to gain arbitrary code execution over the vulnerable server...
ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)
An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)
An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP request sent to the updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending a HTTP request with a malicious SQL...
Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)
A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...
Microsoft Office Memory Corruption (MS16-099: CVE-2016-3316)
A memory corruption vulnerability has been reported in Microsoft Word. The application fails to properly handle certain objects in memory when parsing specially crafted files with a large sprmSDyaTop value. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to op...
Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6134)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer verifies an argument of a certain function. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page wi...
Microsoft VBScript and JScript ASLR Bypass (MS15-106: CVE-2015-6052)
A security feature bypass vulnerability has been discovered in JScript and VBScript scripting engines. The vulnerability is due to the way that the VBScript scripting engine uses the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a...
Google Android Stagefright MP4 Multiple Atoms Integer Underflow (CVE-2015-1539; CVE-2015-3827)
A remote code execution vulnerability, known as Stagefright Vulnerability, has been reported in Android devices core. The vulnerability is due to an integer underflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target system...