13538 matches found
Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege (CVE-2018-0952)
An elevation of privilege vulnerability exists in Microsoft visual studio 2015 update3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Elasticsearch Privilege Escalation (CVE-2020-7014)
A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges...
Eaton Intelligent Power Manager system_srv Command Injection (CVE-2020-6651)
A command injection vulnerability exists in Eaton Intelligent Power Manager. The vulnerability is due to a lack of validation of a user-supplied string in requests handled by systemsrv.js before using it to execute a system command...
DrayTek Vigor Stack Buffer Overflow (CVE-2020-10823)
A stack buffer overflow vulnerability exists in DrayTek Vigor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
QuickBox Remote Code Execution (CVE-2020-13448)
A remote code execution vulnerability exists in QuickBox media server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SonicWall SMA100 and SRA Buffer Overflow (CVE-2019-7482)
A buffer overflow vulnerability exists in SonicWall SMA100 and SonicWall SRA systems. Successful exploitation could result in arbitrary code execution in the context of the affected application...
Cisco Data Center Network Manager Command Injection (CVE-2019-15978; CVE-2019-15979)
A command injection vulnerability exists in Cisco Data Center Network Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Malwarebytes Anti-Malware Remote Code Execution (CVE-2019-6739)
A remote code execution vulnerability exists in Malwarebytes Anti-Malware. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by enticing a us...
NETGEAR N300 WNR2000v5 Denial of Service (CVE-2019-5055)
A denial-of-service vulnerability exists in the Host Access Point Daemon on the NETGEAR N300 wireless router. The vulnerability is due invalid sequence SOAP request sent to the service can cause a null pointer dereference. An unauthenticated attacker can send a specially-crafted SOAP request to...
Advantech WebAccess Stack-based Buffer Overflow (CVE-2018-17910)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. Successful exploitation could lead to arbitrary code execution on the affected...
Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11448)
A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in PopupSLA.jsp. Successful exploitation could lead to arbitrary SQL code execution...
Joomla Component Proclaim Backup File Download (CVE-2018-7317)
An information disclosure vulnerability exists in Joomla Component Proclaim. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1196)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1139)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Schneider Electric Modicon Multiple Authentication Bypass Vulnerabilities (CVE-2018-7809; CVE-2018-7810; CVE-2018-7811)
Multiple authentication bypass vulnerabilities exist in Schneider Electric Modicon. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation results in the attacker being able to change the password for...
Microsoft Win32k Elevation of Privilege (CVE-2019-1132)
...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-0988)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PostgreSQL Remote Code Execution (CVE-2019-9193)
A remote code execution vulnerability exists in PostgreSQL. Successful exploitation of this vulnerability could result in arbitrary code execution on the victim machine...
Google Chrome Race Condition Denial Of Service (CVE-2019-5796; CVE-2019-5797)
A denial-of-service vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0812)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office Remote Code Execution (CVE-2019-0801)
A remote code execution vulnerability exists in Microsoft Office. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
LG SuperSign EZ CMS 2.5 Remote Code Execution (CVE-2018-17173)
A remote code execution vulnerability is exist in LG SuperSign EZ CMS. Successful exploitation could result in arbitrary code execution on the target system...
LAquis SCADA Web Server Command Injection (CVE-2018-18992)
A command injection exists in LAquis SCADA web server. The vulnerability is due to insufficient input sanitization, which permits command injection. A remote attacker could exploit this vulnerability by sending a crafted request to an affected server...
HAProxy HTTP2 Frame Size Heap Buffer Overflow (CVE-2018-10184)
A heap-based buffer overflow vulnerability exists in HAProxy. The vulnerability is due to incorrect validation of frame length on incoming HTTP/2 frames. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server...
Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)
A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8298)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fortinet FortiOS SSH backdoor (CVE-2016-1909) - Ver2
An information disclosure vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft IIS Command Execution (CVE-2001-0500) - Ver2
A command execution vulnerability exists in Microsoft IIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0934)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0866)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (CVE-2017-14078)
An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the id request parameter with getdepprofile action...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0769)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge accesses an object in memory. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page...
IBM Lotus Notes encodeURI DOS (CVE-2017-1129)
A denial of service vulnerability exists in IBM Lotus Notes. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8656)
An improper initialization of memory vulnerability exists in Chakra, Microsoft Edge's scripting engine. This vulnerability is due to the incorrect initialization of a variable within the DefineUserVars function due to an error in PreVisitCatch.A remote attacker could exploit this vulnerability by...
Nginx ngx_http_range_filter_module Integer Overflow (CVE-2017-7529)
An integer overflow vulnerability exists in Nginx. The vulnerability is due to insufficient validation of requested byte ranges...
Cisco Prime Collaboration Provisioning logconfigtracer.jsp Directory Traversal (CVE-2017-6621)
An information disclosure vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths when a request is sent to logconfigtracer.jsp page. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)
A remote Code Execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to insufficient check of parameter. By sending crafted request ,a remote attacker can place a file under a directory that allows server-side scripts to run...
Schneider Electric U.motion Builder localize.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability has been reported in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the username HTTP request parameter in requests made to localize.php. A remote, unauthenticated user can exploit this vulnerability by sending a crafted...
Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...
Microsoft Malware Protection Engine Remote Code Execution (CVE-2017-8541)
A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to arbitrary code execution...
Joomla com_fields Component SQL Injection (CVE-2017-8917)
An SQL injection vulnerability exists in Joomla comfields Component. Remote attackers may leverage this vulnerability to gain arbitrary code execution over the vulnerable server...
ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)
An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...
Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)
An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP request sent to the updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending a HTTP request with a malicious SQL...
Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)
A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...
Microsoft Outlook Express NNTP handler Buffer Overflow (CVE-2005-1213)
A buffer overflow vulnerability has been reported in Microsoft Outlook Express. The vulnerability is due to an insufficient boundary checking when the vulnerable product processes Network News Transfer Protocol NNTP server responses. An attacker can exploit this vulnerability to inject and execut...
Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6134)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer verifies an argument of a certain function. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page wi...
Asterisk SIP Invite Malformed SDP Denial of Service (CVE-2007-1561)
A denial of service vulnerability exists in the channel driver of Asterisk. A remote attacker may send a SIP INVITE message with an SDP containing one valid and one invalid IP address, causing the server to crash...