13538 matches found
HPE Intelligent Management Center DBMan RestoreDBase MySQL Command Injection (CVE-2017-5819)
A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability exists due to missing validation when handling MySQL databases commands...
Google Chrome Type Confusion (CVE-2018-6064)
A type confusion vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Viscom Software Movie Player Pro SDK ActiveX Buffer Overflow (CVE-2010-0356)
A buffer overflow vulnerability has been reported in Viscom Software Movie Player Pro SDK. The vulnerability is due to mishandling of an overly long string. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11799)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine in Edge renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Elastic Elasticsearch Snapshot API Directory Traversal (CVE-2015-5531)
A directory traversal vulnerability exists in Elastic Elasticsearch. The vulnerability is due to insufficient validation on a user-supplied path when a request is sent to access a snapshot repository. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted packets to...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8645)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...
Microsoft Windows EsteemAudit RDP Remote Code Execution (CVE-2017-0176; CVE-2017-9073)
A remote code execution vulnerability exist in Microsoft Remote Desktop Protocol RDP. The vulnerability is due to the Windows Smart Card logon mechanism allowing a buffer overflow. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerabilit...
Zinf Audio Player PLS File Stack Buffer Overflow (CVE-2004-0964)
A stack buffer overflow vulnerability exists in Zinf Audio Player 2.2.1. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...
Microsoft Browser Memory Corruption (MS17-006: CVE-2017-0037)
A type confusion vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user ...
Aerospike Database Server Stack Buffer Overflow (CVE-2016-9052; CVE-2016-9054)
A memory corruption vulnerability has been reported in Aerospike Database Server. This vulnerability is due to improper bounds checking of user-supplied variable. A remote attacker could exploit these vulnerabilities by sending a maliciously crafted packet to the vulnerable server...
Microsoft Office Memory Corruption (MS16-099: CVE-2016-3316)
A memory corruption vulnerability has been reported in Microsoft Word. The application fails to properly handle certain objects in memory when parsing specially crafted files with a large sprmSDyaTop value. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to op...
Microsoft Internet Explorer Memory Corruption (MS16-001: CVE-2016-0002)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows Media Center Remote Code Execution (MS15-134: CVE-2015-6131)
A flaw has been reported in Windows Media Center when parsing MCL files. This flaw could allow malicious users to execute arbitrary code on a target Windows system by enticing the victim to open a specially crafted Media Center file...
Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2432)
Remote code execution vulnerabilities exist in Microsoft Windows Graphics Component. The vulnerability is due to an error in the way Microsoft Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. A remote attacker can exploit this issue by enticing a victim to...
TP-LINK WR1043N Multiple Cross-Site Request Forgery (CVE-2013-2645)
Multiple cross-site request forgery CSRF vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043NDV1120405 allow remote attackers to hijack the authentication of administrators for requests...
HP LoadRunner launcher.dll Stack Buffer Overflow (CVE-2015-2110)
A stack buffer overflow vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient validation of a length value in SSL communication with the HP LoadRunner. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerab...
Microsoft Internet Explorer Memory Corruption (MS15-043: CVE-2015-1686)
A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to JScript and VBScript engines not using Address Space Layout Randomization ASLR security feature when rendered in Internet Explorer. A remote attacker can exploit this issue by...
Creative Software AutoUpdate Engine CTSUEng.ocx ActiveX Control Buffer Overflow (CVE-2008-0955)
A remote code execution vulnerability has been reported inCreative Software AutoUpdate Engine. The vulnerability is due to boundary errors within the AutoUpdate Engine ActiveX control CTSUEng.ocx. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page...
PHP-Fusion Multiple SQL Injections (CVE-2014-8596)
SQL injection vulnerability has been reported in PHP-Fusion. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WinFTP Server NLST Command Denial of Service (CVE-2008-5666)
A denial of service vulnerability has been reported in WinFTP Server. The vulnerability is due to WinFTP Server failure to handle a NLST command when in PASV mode. A remote attacker can exploit this vulnerability by sending a specially crafted connection request to the vulnerable server...
Joomla Component com_rokdownloads Local File Inclusion (CVE-2010-1056)
A file inclusion vulnerability has been reported in Joomla Com Rokdownloads. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Splunk collect file Directory Traversal (CVE-2013-6771)
A directory traversal vulnerability has been found in Splunk. The vulnerability is due to insufficient sanitization of user-provided input to the advanced search functionality in the "file" parameter of the "collect" script...
Microsoft PowerPoint Techno-color Time Bandit Code Execution - Ver2 (CVE-2011-0655)
A code execution vulnerability has been reported in Microsoft PowerPoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel SxView Record Parsing Memory Corruption (MS10-038) - Ver2 (CVE-2010-0821)
Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...
Microsoft Outlook AttachMethods Remote Code Execution - Ver2 (CVE-2010-0266)
A code execution inclusion vulnerability has been reported in Microsoft Office Outlook. The vulnerability is due to an error in Microsoft Office Outlook that fails to properly verify the file extension of an attachment in a specially crafted e-mail message. Successful exploitation of this...
Apple Quicktime RTSP URL Buffer Overflow - Ver2 (CVE-2007-0015)
A buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to lack of boundary checks when processing the "rtsp://" URLs. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause...
Apache Win32 DOS Batch File Arbitrary Command Execution - Ver2 (CVE-2002-0061)
A command execution vulnerability has been reported in Apache Software Foundation Apache HTTP Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Office Smart Tag WordCount Memory Corruption - Ver2 (CVE-2008-2244)
A memory corruption vulnerability has been reported in July. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Media Player HeaderExtensionObject Heap Overflow (MS09-052) - Ver2 (CVE-2009-2527)
ASF Advanced Systems Format is a file format that stores audio and video information and is specially designed to run over networks like the Internet. It is a compressed format that contains streaming audio, video, slide shows, and synchronized events. ASF enables content to be delivered as a...
Cisco Prime Data Center Network Manager processImageSave.jsp Arbitrary File Upload (CVE-2013-5486)
An arbitrary file upload vulnerability exists in Cisco Prime Data Center Network Manager...
Microsoft Internet Explorer EUC-JP Character Encoding Cross Site Scripting (MS13-059; CVE-2013-3192)
A universal cross site scripting vulnerability exists in Microsoft Internet Explorer...
Novell Netware FTP Server DELE Command Stack Buffer Overflow (CVE-2010-4228)
A code execution vulnerability exists in Novell Netware...
Microsoft .NET Framework Entity Expansion Denial of Service (MS13-082; CVE-2013-3860)
A denial of service vulnerability exists in the .NET Framework...
Sun Java Web Start Double Quote Injection (CVE-2012-1533)
A remote code execution vulnerability has been in Java Web Start...
Novell ZENworks Configuration Management File Upload (CVE-2013-1080)
A file upload vulnerability has been reported in Novel ZENworks Configuration Management...
Microsoft Windows RDP ActiveX Control Remote Code Execution (MS13-029; CVE-2013-1296)
A remote code execution vulnerability in the way the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit this vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully...
Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow (CVE-2013-0418)
A heap buffer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to an error when processing Coords structure for loda chunks of type 3 Line/Curve. Remote attackers could exploit the vulnerability to inject and execute arbitrary code in the context of the vulnerable...
LANDesk ThinkManagement Suite SetTaskLogByFile Arbitrary File Deletion (CVE-2012-1196)
A directory traversal vulnerability has been reported in LANDesk ThinkManagement Suite...
Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016; CVE-2009-0077)
A denial of service vulnerability has been reported in Microsoft Internet Security and Acceleration ISA Server...
Multiple Products NCTAudioFile2 ActiveX Control Buffer Overflow (CVE-2007-0018)
A remote code execution vulnerability has been reported in the NCTAudioFile2 ActiveX control. The vulnerability is due to a data validation failure by the NCTAudioFile2 ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted...
Zenturi ProgramChecker ActiveX Components ActiveX Controls Buffer Overflows (CVE-2007-2987)
Multiple buffer overflow vulnerabilities have been reported in Zenturi ProgramChecker. The vulnerabilities are due to a data validation failure, resulting in a buffer overflow. A remote attacker may exploit these vulnerabilities by enticing a target user to open a specially crafted HTML file...
Apache HTTP Server mod_tcl Module Format String (CVE-2006-4154)
Apache HTTP server is the most widely deployed web server product on the Internet. Apache HTTP server is capable of running on many platforms, including Microsoft Windows and a wide variety of Unix-like platforms. The Apache HTTP server is very flexible and customizable in many aspects of its...
Internet Explorer Layouts Handling Memory Corruption (MS11-018; CVE-2011-0094)
A remote code execution vulnerability has been reported in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability is due to a memory corruption error in Internet Explorer when handling layouts. To trigger this issue, an...
Microsoft DNS Resolution LLMNR Query Remote Code Execution (MS11-030; CVE-2011-0657)
Link-local Multicast Name Resolution LLMNR is a new protocol that provides an additional method to resolve the names of neighboring computers. It is especially useful for networks that do not have a DNS server. LLMNR uses a simple exchange of request and reply messages to resolve computer names t...
Novell GroupWise Internet Agent RRULE Parsing Buffer Overflow (CVE-2010-4326; CVE-2011-2662; CVE-2011-2663)
Novell GroupWise is a client-server collaborative software and email system provided by Novell. Novell GroupWise Internet Agent is a component of Novell GroupWise and provides email services, supporting SMTP, POP, and IMAP protocols. A buffer overflow vulnerability has been reported in Novell...
HP OpenView NNM nnmRptconfig.exe schdParams and nameParams Buffer Overflow (CVE-2011-0267)
The Network Node Manager NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A buffer overflow vulnerability has been reported in the HP OpenView...
Microsoft Office Publisher pubconv.dll Size Value Heap Corruption (MS10-103; CVE-2010-2569)
Microsoft Publisher is a desktop publishing application for creating marketing materials, managing customer lists and more. The vulnerability is due to an error in pubconv.dll, Publisher Converter DLL that is used to open Publisher files created in versions earlier than Microsoft Publisher 2007. ...
Microsoft Word Unchecked Index Value Remote Code Execution (MS10-079; CVE-2010-2750)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in the way that Microsoft Word handles index values inside a specially crafted Word file. The vulnerability is due to an error in Microsoft Word that fails to properly parse specially...
CA Alert Notification Server RPC Request Buffer Overflow (CVE-2007-3825)
Computer Associates, or CA, develop and sell various software to enterprise users. Several products, such as the Threat Manager, Protection Suites, and BrightStor ARCserve Backup share a set of common components. One of these common component is the Alert Notification Server. This component is ru...