13538 matches found
Microsoft Excel Malformed SELECTION Record Code Execution (MS06-037; CVE-2006-1301)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
Microsoft SMB Client Memory Allocation Memory Corruption (MS10-020; CVE-2010-0269)
The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A elevation of privilege vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation. The vulnerability is due to an error in the Microsoft SMB client...
Firebird XDR Operation Request Handling Denial of Service (CVE-2008-0387)
There exists a null-dereference overflow vulnerability in Firebird database project. The flaw resides in the External Data Representation XDR protocol processing routines. A remote unauthenticated attacker may exploit this vulnerability by sending crafted message to the target server. Successful...
Microsoft XML Core Services Memory Corruption (MS07-042; CVE-2007-2223)
Microsoft Windows is shipped with an XML processing framework, named MSXML or Microsoft XML Core services. The framework is used by applications shipped with the operating system as well as third party applications. The most popular application using this framework is Internet Explorer, which can...
Internet Explorer daxctle.ocx KeyFrame Method Memory Corruption (MS06-067; CVE-2006-4777)
Microsoft Internet Explorer IE is a web browser application that is capable rendering both static and dynamic contents. The application supports the ActiveX technology, which is a feature extension framework. IE is installed with a set of ActiveX controls including the DirectAnimation package...
Multiple Browsers Telnet URI Handler File Manipulation (CVE-2004-0411; CVE-2004-0473)
There exists a vulnerability that affects various web-browsers. Insufficient input validation for telnet URI e.g., telnet://hostname can cause the Telnet software activated by the browsers to treat specially crafted Telnet URI as command-line options. As such, a malicious attacker may be able to...
RealNetworks Helix Server RTSP SETUP Request Denial of Service (CVE-2009-2534)
Helix Server is a multi-media server that is designed to serve streaming and static audio and video content. A denial of service vulnerability has been reported in RealNetworks Helix Server. The vulnerability is due to an error in the way RealNetworks Helix Server handles SETUP requests. A remote...
Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038; CVE-2009-1545)
Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...
Internet Explorer XMLHttpRequest Calls Improper Handling (MS09-019; CVE-2009-1528)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To...
Update Protection against Oracle Application Server BPEL Module Cross Site Scripting
Oracle Application Server is vulnerable to cross-site scripting due to lack of validation of user supplied data. Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The flaw may be exploited by attackers to execute arbitrary...
Microsoft DNS Server Validation Spoofing Weakness (MS09-008; CVE-2009-0233; CVE-2009-0234)
Multiple spoofing vulnerabilities have been reported in Windows DNS server. These vulnerabilities could allow a remote attacker to spoof responses and insert records into the DNS server's cache. The DNS caching resolver service saves the responses to DNS queries so that the DNS server is not...
Microsoft Windows search-ms Protocol Handler Command Execution (MS08-075; CVE-2008-4269)
Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types.Windows Search has XML-based files that save information about a search in Windows. A remote code execution vulnerability was reported in Windows Explorer which allo...
Update Protection against CA Multiple Products ActiveX Control Buffer Overflow Vulnerability
A vulnerability was reported in multiple Computer Associates CA products. These products are all intended for enhancing corporate and client security. The vulnerability is due to insufficient boundary checking in the parameters passed to the affected ActiveX control installed by the products list...
Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052; CVE-2004-0904; CVE-2008-3015)
Bitmap BMP is an image file format used to store bitmap digital images. A remote code execution vulnerability has been discovered in the way GDI+ handles integer calculations for BMP files. The vulnerability is due to a buffer overflow when GDI+ fails to properly processes a malformed header in a...
Microsoft Excel FORMAT Record Array Index Memory Corruption (MS08-043; CVE-2008-3005)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel handles index array records. The vulnerability is due to an error in Microsoft Excel that fails to properly validate index array records when loading Excel...
Update Protection against Borland StarTeam Multicast Service HTTP Handling Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Borland StarTeam Multicast Service. Borland StarTeam is a software change and configuration management tool, designed for both centralized and geographically distributed software development environments. A remote attacker might exploit this...
Microsoft Windows GDI Metafile Image Handling Heap Overflow (MS08-021; CVE-2008-1083)
The Microsoft Windows graphics device interface GDI enables applications to use graphics and formatted text on the video display and on the printer.WMF and EMF are image formats used in many Windows programs including Internet Explorer and Outlook. A remote code execution vulnerability has been...
Update Protection against Microsoft Windows Message Queuing Remote Code Execution Vulnerability (MS07-065)
A buffer overflow vulnerability exists in Microsoft Windows Message Queuing Service. Microsoft Message Queuing MSMQ is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are...
Microsoft Excel Version Information Handling Code Execution (MS07-036; CVE-2007-1756; CVE-2007-3030; CVE-2008-0081)
Microsoft Excel is a popular spreadsheet application. Multiple vulnerabilities have been identified in Microsoft Excel. A remote attacker could exploit these issues via a malformed Excel file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target syste...
Novell NetMail WebAdmin Username Stack Buffer Overflow (CVE-2007-1350)
Novell NetMail is an electronic mail server product that supports various email access and exchange protocols, including IMAP Internet Message Access Protocol and NMAP Network Messaging Application Protocol.WebAdmin is a browser based administrative tool used to manage NetMail...
3Com TFTP Server Transporting Mode Remote Buffer Overflow (CVE-2006-6183)
Trivial File Transfer Protocol TFTP is a protocol used for transferringfiles, allowing remote users to download and upload files to the server. TheTFTP server communicates with clients over UDP port 69. 3Com TFTP Server is a TFTP server service used for easier transfer of filesto or from the...
Update Protection against ASP.NET Information Disclosure Vulnerability (MS06-033)
ASP.NET is collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. An information disclosure vulnerability exists in ASP.Net that could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the...
Microsoft Distributed Transaction Coordinator Memory Corruption (MS05-051; CVE-2005-2119)
DTC Distributed Transaction Coordinator is a system service that coordinates transactions. A vulnerability was detected in the DTC service for several Microsoft Windows operating systems that can allow remote attackers to execute arbitrary code via a crafted DTC packet...
Jenkins Rundeck Plugin Cross-Site Scripting (CVE-2022-30956)
A cross-site scripting vulnerability exists in Jenkins Rundeck Plugin. This vulnerability is due to insufficient validation of user input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to a vulnerable server...
DedeCMS Remote Code Execution (CVE-2022-35516)
A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Commons Text Remote Code Execution (CVE-2022-42889)
A remote code execution vulnerability exists in Apache Commons Text. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe ColdFusion Arbitrary File Read And Deletion (APSB22-44: CVE-2022-38424)
A arbitrary file read and deletion vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Nokia BTS TRS Web Console Authentication Bypass (CVE-2021-31932)
An authentication bypass vulnerability exists in Nokia BTS TRS Web Console. Successful exploitation of this vulnerability would allow remote attacker to obtain sensitive information and gain unauthorized access into the affected system...
Tenda M3 Router Buffer Overflow (CVE-2022-32036)
A buffer overflow vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...
Moodle Directory Traversal (CVE-2022-35650)
A Directory Traversal vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
WhatsApp Desktop Cross Site Scripting (CVE-2019-18426)
A cross site scripting vulnerability exists in WhatsApp Desktop. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Naviwebs Navigate CMS Directory Traversal (CVE-2018-17553)
A directory traversal vulnerability exists in Naviwebs Navigate CMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
LG N1A1 Remote Code Execution (CVE-2018-14839)
A remote code execution vulnerability exists in LG N1A1. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Google Chrome Use After Free (CVE-2022-0609)
A use after free vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zoho ManageEngine ADManager Plus Arbitrary File Upload (CVE-2021-20130)
An unrestricted file upload vulnerability exists in ManageEngine ADManager Plus. The vulnerability is due to lack of validation of uploaded files in PasswordExpiryAction class...
Dnnsoftware DotNetNuke Remote Code Execution (CVE-2018-15811)
A Remote Code Execution vulnerability exists in Dnnsoftware DotNetNuke. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fortinet FortiOS Remote Code Execution (CVE-2016-6909)
A remote code execution vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sumavision Enhanced Multimedia Router Cross Site Request Forgery (CVE-2020-10181)
A cross site request forgery vulnerability exists in Sumavision Enhanced Multimedia Router. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the affected system...
Rapid7 Nexpose SQL Injection (CVE-2020-7383)
An SQL injection vulnerability exists in Rapid7 Nexpose. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Oracle Fusion Middleware BI Publisher Arbitrary File Upload (CVE-2021-2392)
An arbitrary file upload vulnerability exists in Oracle Business Intelligence. This vulnerability is due to insufficient input validation in the UploadFndDBCPage class...
Advantech iView deleteZtpConfig SQL Injection (CVE-2021-32932)
A SQL injection vulnerability exists in the Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in method in Java class...
Jenkins Credentials Plugin Cross-Site Scripting (CVE-2021-21648)
A reflected cross-site scripting vulnerability exists in Jenkins Credentials Plugin. This vulnerability is due to insufficient validation of user-controlled information on the upload certificate view provided by Credentials plugin...
Invigo Automatic Device Management Command Injection (CVE-2020-10583)
A command injection vulnerability exists in Invigo Automatic Device Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
libEBML Use After Free (CVE-2015-8789)
A use-after-free vulnerability exists in libEBML. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
A remote code execution vulnerability exists in Microsoft Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockoa SQL Injection (CVE-2020-18714)
An SQL injection vulnerability exists in Rockoa. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)
A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...
Libbpg Project Out of Bounds Write (CVE-2016-8710)
A remote code execution vulnerability exists in Libbpg project Libbpg. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sangoma FreePBX Authentication Bypass (CVE-2019-19006)
An authentication bypass vulnerability exists in Sangoma FreePBX. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized...
Easycorp Zentao Pro Command Injection (CVE-2020-7361)
A command injection vulnerability exists in Easycorp Zentao Pro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...