13538 matches found
Node.js Node Extend Remote Code Execution (CVE-2020-7673)
A remote code execution vulnerability exists in Node.js. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Comtrend Command Injection (CVE-2020-10173)
A command injection vulnerability exists in Comtrend. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Wechat Brodcast Project Directory Traversal (CVE-2018-16283)
A directory traversal vulnerability exists in wechat brodcast project wechat brodcast x=1.2.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Pandora FMS Remote Code Execution (CVE-2020-5844)
A remote code execution vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
NGINX NJS Denial of Service (CVE-2019-11837)
A denial of service DoS vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Advantech WebAccess Buffer Overflow (CVE-2019-10991)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within giffconv.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-11942)
A remote code execution vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Atlassian Confluence Server Information Disclosure (CVE-2019-3394)
A local file inclusion vulnerability exists in Atlassian Confluence Server. This vulnerability is due to improper validation of file path. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to...
Microsoft Windows DHCP Client Code Execution (CVE-2019-0547)
A remote code execution vulnerability exists in Microsoft DHCP Client. The vulnerability is due to improper processing of DHCP response messages, causing memory corruption. A remote attacker could exploit this vulnerability by sending maliciously crafted DHCP responses to a vulnerable target...
Sonatype Nexus Repository Manager 3 Remote Code Execution (CVE-2019-7238)
A remote code execution vulnerability exists in Sonatype Nexus Repository Manager 3. This vulnerability is due to insufficient validation of the parameter in the previewAssets function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Microsoft Win32k Elevation of Privilege (CVE-2019-1364)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Elevation of Privilege (CVE-2019-1341)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Siemens TIA Portal Remote Code Execution (CVE-2019-10915)
A remote code execution vulnerability exists in Siemens TIA Portal. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office Remote Code Execution (CVE-2018-0798)
A stack-based buffer overflow vulnerability exists in Microsoft Office. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted OLE file to the affected target...
HAProxy Compressed Name Denial of Service (CVE-2018-20103)
A denial-of-service vulnerability has been reported in HAProxy. The vulnerability is due to incorrect handling of compressed pointers. Successful exploitation of this vulnerability could lead to a denial of service condition...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0590)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Registry Elevation of Privilege (CVE-2018-8410)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8384)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
QNAP Qcenter Virtual Appliance Information Disclosure (CVE-2018-0706)
An Information disclosure vulnerability exists in QNAP Qcenter Virtual Appliance web console. Successful exploitation of this vulnerability would allow an authenticated user to obtain sensitive information...
ntopng Network Analyzer Authentication Bypass (CVE-2018-12520)
An authentication bypass vulnerability exists in ntopng network analyzer. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow a remote attacker to hijack a user's session and escalating...
Microsoft Edge Memory Corruption (CVE-2018-8111)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0837)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
vBulletin cacheTemplates Remote Code Execution (CVE-2017-17672)
A remote code execution vulnerability exists in the vBulletin software package. The vulnerability is due to improper validation of user input .Successful exploitation of this vulnerability will allow execution of arbitrary code on a target system...
Cesanta Mongoose DNS Compressed Name Denial of Service (CVE-2017-2909)
An infinite loop vulnerability exists in the DNS server functionality of Cesanta Mongoose. The vulnerability is due to insufficient handling of compressed names in DNS queries and responses. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted DNS query or respon...
Trend Micro OfficeScan Memory Corruption (CVE-2017-14089)
A memory corruption vulnerability exists in Trend Micro's OfficeScan. A remote unauthorized attacker may exploit this issue by accessing the OfficeScan server and targeting cgiShowClientAdm.exe to cause memory corruption issues...
Microsoft Win32k Elevation of Privilege (CVE-2017-0263)
A Use-After-Free vulnerability exists in Windows. The vulnerability occurs when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode with full user rights...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0234)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0072)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Novell Micro Focus GroupWise Multiple Cross Site Scripting (CVE-2016-5760)
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to failure to properly sanitize user-supplied input. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted UR...
VideoCharge Software Watermark Master (CVE-2013-6935)
A stack based buffer overflow vulnerability was found in Watermark Master 2.2.23. The vulnerability is due to an error when Watermark Master improperly handles a specially crafted WCF file. Remote attackers can exploit this vulnerability and execute arbitrary code on the target machine by enticin...
Juniper Networks ScreenOS Authentication Bypass (CVE-2015-7755)
An authentication bypass vulnerability exists in Juniper Networks ScreenOS. The vulnerability is due to the presence of a default administrative account with a hard-coded password. A remote, unauthenticated attacker could exploit this vulnerability to gain administrative access to the target...
Microsoft Internet Explorer Elevation of Privilege (MS15-094: CVE-2015-2489)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Internet Explorer Memory Corruption (MS15-079: CVE-2015-2444)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Sielco Sistemi Winlog Buffer Overflow - Ver2 (CVE-2012-3815)
A stack-based buffer overflow vulnerability has been reported in Sielco Sistemi Winlog. The vulnerability is due to insufficient sanitation of TCP requests. A remote attacker can exploit this issue by sending a specially crafted TCP request to the affected server. Successful exploitation would...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
ManageEngine Multiple Products Multiple Directory Traversal (CVE-2014-7866)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by uploading arbitrary files to...
Microsys Promotic PmBase64Decode Buffer Overflow (CVE-2014-9205)
A stack-based buffer overflow vulnerability exists in Microsys's Promotic. The vulnerability is due to an insufficient boundary check on user-supplied data in the PmBase64Decode function. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted base64...
Microsoft Windows Netlogon Spoofing (MS15-027; CVE-2015-0005)
A spoofing vulnerability exists in the Netlogon service. The vulnerability is caused when the Netlogon service improperly establishes a secure communications channel, when given a computer name, without challenging for credentials. A remote attacker may exploit this issue by sending a specially...
Advantech ADAMView Display Properties Parameter Remote Code Execution (CVE-2014-8386)
A remote code execution vulnerability has been reported in Advantech ADAMView. The vulnerability is due to insufficient validation of display properties from a file. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file...
Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow - Ver2 (CVE-2013-0003)
A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...
DNS Label Compression Recursion Denial of Service - Ver2 (CVE-2007-1030)
A denial-of-service vulnerability has been reported in Niels Provos Libevent. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
CVS Max-dotdot Protocol Command Integer Overflow - Ver2 (CVE-2004-0417)
Concurrent Versions System CVS is an open-source network-transparent version control system. CVS itself does not listen for, or accept network connections. To implement remote repository access, it can be installed as an inetd service, or invoked with the rsh/ssh command. Data between the server...
Hikvision DVR Basic Authentication Buffer Overflow (CVE-2014-4880)
A buffer overflow vulnerability has been reported in Hikvision DVR. The vulnerability is due to a boundary error in Basic Authentication Handling of an RTSP transaction. Successful exploitation may cause a denial of service condition or allow the attacker to inject and execute arbitrary code on t...
ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1762)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)
An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...
CA Erwin Web Portal Multiple Directory Traversal Vulnerabilities (CVE-2014-2210)
Multiple directory traversal vulnerabilities have been reported in CA ERwin Web Portal. The vulnerabilities are due to lack of authentication and insufficient input validation in the FileAccessServiceProvider and ProfileIconServlet servlets when processing HTTP requests. By sending crafted HTTP...
Cisco WebEx UCF atucfobj.dll ActiveX NewObject Buffer Overflow - Ver2 (CVE-2008-3558)
A buffer overflow vulnerability has been reported in Cisco Webex Meeting Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption - Ver2 (CVE-2007-0462)
A memory corruption vulnerability has been reported in QuickDraw. The vulnerability is due to improper handling of PICT image files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...