13538 matches found
p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)
p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...
FortiLogger Arbitrary File Upload (CVE-2021-3378)
An arbitrary file upload vulnerability exists in FortiLogger. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Media Player MIDI Remote Code Execution (MS12-004; CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
FUEL CMS Remote Code Execution (CVE-2018-16763)
A command injection vulnerability exists in FUEL CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ABB Panel Builder 800 Stack-based Buffer Overflow (CVE-2018-10616)
A stack-based buffer overflow exists in ABB Panel Builder. The vulnerability is due to an input validation error while processing a parameter for ABB Comli OPC driver setting...
Microsoft Browser Information Disclosure (CVE-2017-8529)
An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file...
RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...
Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...
Cybelsoft ThinVNC Directory Traversal (CVE-2019-17662)
A Directory Traversal vulnerability exists in Cybelsoft ThinVNC. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Doctor Appointment System SQL Injection (CVE-2021-27314; CVE-2021-27315; CVE-2021-27316)
An SQL injection vulnerability exists in Doctor Appointment System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Plugin WPGraphQL Information Disclosure (CVE-2019-9879; CVE-2019-9880; CVE-2019-9881)
An information disclosure vulnerability exists in WordPress Plugin WPGraphQL. A remote attacker could trigger this flaw by sending a crafted request. Successful exploitation may result in the disclosure of sensitive information...
Command Injection Over HTTP Payload (CVE-2013-6719; CVE-2013-6720; CVE-2020-26728; CVE-2022-30105)
A command Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)
A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to a CAttribute object being confused for a CAttrArray object by the PrivateFindInl method. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Git Client Path Validation Command Execution (CVE-2014-9390)
A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a...
Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)
A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services IIS FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by...
MediaWiki Input Validation Remote Code Execution (CVE-2014-1610)
A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...
Microsoft IIS FTP Server Recursive Listing Denial of Service (CVE-2009-2521; CVE-2009-3023)
IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes an FTP server service for exchanging and manipulating files over a TCP computer network. A stack consumption vulnerability has been discovered in Microsoft Internet Information...
Preemptive Protection against Sourcefire Intrusion Sensor and Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability
A buffer overflow vulnerability has been identified in Sourcefire Intrusion Sensor and in Snort DCE/RPC preprocessor. Sourcefire Snort is an open-source network intrusion detection system. Snort DCE/RPC preprocessor is a plug-in that reassembles fragmented SMB and DCE/RPC packets. A remote attack...
SolarView Compact Command Injection (CVE-2022-29303)
A command injection vulnerability exists in SolarView Compact. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
A remote code execution vulnerability exists in Micro Focus UCMDB. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cacti color.php SQL Injection (CVE-2020-14295)
A SQL injection vulnerability exists in Cacti. The vulnerability is due to improper sanitization of the filter request parameter in color.php...
uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)
A directory traversal vulnerability exists in Debian debian linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)
A type confusion vulnerability exists in Red Lion Crimson. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current user...
Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft GDI EMF Image Processing Integer Overflow - Ver2 (CVE-2011-0041)
A integer overflow vulnerability has been reported in Microsoft GDI+. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Assembly Execution File Inclusion - Ver2 (CVE-2012-0013)
A file inclusion vulnerability has been reported in Microsoft Office. The vulnerability is due to ClickOnce application file types not being included in the Windows Packager unsafe file type list. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...
Wireshark DECT Dissector Stack Buffer Overflow - Ver2 (CVE-2011-1591)
A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...
Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)
A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...
Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service - Improved Confidence (CVE-2012-3526)
A denial of service vulnerability has been reported in Apache's HTTP Server. The vulnerability is caused due to an error while processing certain http headers. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to a target. Successful exploitation will lea...
HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow (CVE-2010-1961; CVE-2010-1964)
The HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, and OpenView Network Node Manager. A buffer overflow vulnerabili...
Sun Java System Web Server WEBDAV Stack Buffer Overflow (CVE-2010-0361)
Sun Microsystems' Java System Web Server is a high performance web server for medium to large business applications. It is available for all major platforms and supports Java, PHP, CGI and ColdFusion technologies. A stack buffer overflow vulnerability exists in Sun Java System Web Server. The...
WordPress Tatsu Plugin Remote Code Execution (CVE-2021-25094)
A remote code execution vulnerability exists in WordPress Tatsu plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SharePoint Remote Code Execution (CVE-2021-31181)
A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)
A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrar...
Internet Explorer FTP Response Parsing Memory Corruption (MS07-016; CVE-2007-0217)
Microsoft Internet Explorer IE is a web browser application that is included as part of Microsoft Windows operating systems. Microsoft Windows Internet WinINet application programming interface API in Internet Explorer is a component to serve as application interface for Internet protocols, such ...
Eaton HMiSoft Stack Buffer Overflow (CVE-2020-10639)
A stack buffer overflow vulnerability exists in Eaton HMiSoft. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...
Zoho ManageEngine DataSecurity Plus Authentication Bypass (CVE-2020-11532)
An authentication bypass vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to the presence of hardcoded default credentials for the Dataengine Xnode server component...
Sonatype Nexus Repository Manager Remote Code Execution (CVE-2020-10199)
A remote code execution vulnerability exists in Sonatype Nexus Repository Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office RTF Stack Buffer Overflow (MS10-087) - Ver2 (CVE-2010-3333)
RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. . The vulnerability is due to an error in Microsoft Office that fails to...
Moodle Spellcheck Remote Command Execution (CVE-2013-3630)
A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...
Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)
A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...
Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012; CVE-2006-0028)
Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available in several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...
Microsoft RPC Remote Code Execution (CVE-2022-26809)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenSIS SQL Injection (CVE-2020-6637; CVE-2020-6137; CVE-2020-6138; CVE-2020-6139; CVE-2020-6140; CVE-2020-6141)
An SQL injection vulnerability exists in OpenSIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Seowon Intech Remote Code Execution (CVE-2020-17456)
A remote code execution vulnerability exists in Seowon Intech SLC130. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Intellian Aptus Web Remote Code Execution (CVE-2020-7980)
A remote code execution vulnerability exists in Intellian Aptus Web. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Delta Industrial Automation CNCSoft Buffer Overflow (CVE-2019-10947)
A buffer overflow vulnerability exists in Delta Industrial Automation CNCSoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Internet Explorer Remote Code Execution (CVE-2019-0541)
A remote code execution vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...