13538 matches found
Cross-Site Scripting (CVE-2005-0543; CVE-2014-4075; CVE-2014-4116; CVE-2014-6325; CVE-2014-6365; CVE-2015-1636; CVE-2015-1640; CVE-2015-1757)
...
Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)
Microsoft Excel is a popular spreadsheet application. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A buffer overflow vulnerability has been reported in Microsoft Excel...
Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)
A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...
Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)
A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...
Microsoft Windows Media Player MIDI Code Execution (MS12-004) - Ver2 (CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
HP Operations Agent Opcode Stack Buffer Overflow - Ver2 (CVE-2012-2019)
A stack-based buffer overflow vulnerability has been reported in HP Operations Agent. The vulnerability is due to a bound checking error when processing requests containing certain opcodes. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server...
Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...
Belkin Linksys WRT110 Remote Command Execution - Ver2 (CVE-2013-3568)
A remote command execution vulnerability has been reported in Belkin Linksys WRT110 firmware. The vulnerability is due to the Web interface's failure to sanitize ping targets as well as a lack of CSRF tokens. A remote attacker could exploit this vulnerability by sending a malicious HTTP request t...
Microsoft Windows Font Library File Buffer Overflow - Ver2 (CVE-2011-2003)
A buffer overflow vulnerability has been reported in Microsoft Windows. The vulnerability is due to an input validation error when the kernel parses a .FON font file. A remote attacker could exploit this issue by enticing a target user to open a specially crafted .FON file...
Chasys Draw IES BMP Buffer Overflow (CVE-2013-3928)
A buffer overflow vulnerability has been reported in Chasys Draw IES. The vulnerability is due to an image parsing input validation error in Chasys Draw IES when parsing a file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file. Successful exploitation will...
Update Protection against Mozilla Firefox JIT escape Function Memory Corruption
A memory corruption vulnerability exists in Mozilla Firefox, a web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles JIT Just-in-Time escape Function calls. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious we...
Microsoft IIS ISAPI Extension Indexing Service Buffer Overflow (MS01-033; CVE-2001-0500)
The Internet Information Server IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server component that is capable of serving static, as well as dynamic content. There exists a vulnerability in ISAPI extension idq.dll in...
HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)
HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...
Internet Explorer Data Stream Header Corruption (MS09-054; CVE-2009-1547)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way Internet Explorer processes data stream headers. The vulnerability occurs when Internet Explorer processes a specially crafted data stream header, it may corrupt system...
UltraVNC VNCViewer Authenticate Buffer Overflow (CVE-2009-0388)
Virtual Network Computing VNC is a graphical desktop sharing technology that uses the Remote Frame Buffer RFB protocol to remotely control another computer. The controller computer client or viewer sends keyboard and mouse events to the controlled computer server; the controlled computer sends...
Update Protection against Trend Micro ServerProtect CreateBinding DCE-RPC Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...
Update Protection against Trend Micro ServerProtect EarthAgent DCE-RPC Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...
WMF and EMF Files (CVE-2005-2123; CVE-2005-2124; CVE-2005-4560; CVE-2006-0020)
...
Subrion CMS Remote Code Execution (CVE-2018-19422)
A remote code execution vulnerability exists in Subrion CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
MongoDB mongo-express Remote Code Execution (CVE-2019-10758)
A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Solr Remote Code Execution (CVE-2019-0193)
A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...
WordPress Plainview Activity Monitor Plugin Command Injection (CVE-2018-15877)
A command injection vulnerability exists in WordPress Plainview Activity Monitor plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands in the affected system...
Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)
An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...
Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)
An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...
Oracle Endeca Server createDataStore Remote Command Execution (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
Novell File Reporter FSFUI File Upload (CVE-2012-4959)
A file upload vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests. A remote attacker can exploit this issue by sending a specially crafted request to the target. Successful exploitation could result in arbitrary files bein...
InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)
A heap buffer overflow vulnerability has been reported in the InduSoft Thin Client. The vulnerability is due to lack of input validation of a certain parameter. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer. Successf...
Oracle Database Application Express Component APEX Password Hash Disclosure (CVE-2009-0981)
Oracle Application Express APEX is a component of Oracle database server products. It is a web application development environment, with which developers can create and deploy database-backed applications via a web-based interface. An information disclosure vulnerability exists in the Application...
Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)
A directory traversal vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...
Jenkins Dependency Graph View Plugin Cross-Site Scripting (CVE-2019-10349)
A Cross-Site Scripting vulnerability exists in Jenkins Dependency Graph View plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
HTTP URL Patterns (CAN-2004-1315)
...
HPE Lights-Out Authentication Bypass (CVE-2017-12542)
An authentication bypass vulnerability exists in HPE Lights-Out. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
VDOO Axis Camera Authentication Bypass (CVE-2018-10661; CVE-2018-10658; CVE-2018-10659; CVE-2018-10662; CVE-2018-10663; CVE-2018-10664)
An authentication bypass vulnerability exists in VDOO Axis Cameras. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Joomla LDAP Information Disclosure (CVE-2017-14596)
A LADP information disclosure vulnerability exists in Joomla!. Successful exploitation of this vulnerability allows an unprivileged remote attacker to extract all authentication credentials of the effected system...
Microsoft XML Core Services Remote Code Execution (KB2719615) - Ver2 (CVE-2012-1889)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is caused due to a memory corruption when XML core Services attempts to access an object in memory that has not been initialized. A remote attacker may exploit this vulnerability by enticing ...
Microsoft IIS Request Header Buffer Overflow (MS10-065; CVE-2010-2730) - ver 2
A code execution vulnerability exists in Microsoft Internet Information Services IIS...
HP System Management Home Page Command Injection (CVE-2013-3576)
A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...
Multiple Vendors RPC librpc.dll Stack Buffer Overflow (CVE-2009-2754)
Remote Procedure Call RPC is a protocol that a program can use to request a service from a program located on another computer in a network. The librpc.dll handles the RPC protocol parsing. A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The...
Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation (CVE-2010-0866; CVE-2010-0867)
Oracle Database Server is an enterprise-level relational database application suite. A vulnerability exists in Oracle Database 11g server that could allow users with limited privileges to execute SQL commands with System privileges on the server. The vulnerability is due to an access control...
Internet Explorer DHTML Objects Memory Corruption (MS07-069; CVE-2007-5347)
Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...
Apple iTunes Protocol Handler Stack Buffer Overflow (CVE-2009-0950)
Apple iTunes is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files. When iTunes is installed, it registers itself with the host Operating System as a protocol handler for several application URL schemes. A buffer overflow...
HP OpenView Network Node Manager Multiple Parameters Buffer Overflow (CVE-2009-0920; CVE-2009-0921)
The Network Node Manager NNM is an HP OpenView product which manages networks.It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. Multiple buffer overflow vulnerabilities were reported in HP OpenView...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)
An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Omron CX-One Stack Buffer Overflow (CVE-2020-27261)
A stack-based overflow exists in the CX-Position module of OMRON CX-One. The vulnerability is due to input validation error when processing NCI configuration files...
Linear eMerge Arbitrary File Upload (CVE-2019-7257)
A vulnerability exists in Linear eMerge E3 devices. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Apache Druid Remote Code Execution (CVE-2021-25646)
A remote code execution vulnerability exists in Apache Druid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)
An authentication bypass vulnerability exists in TrendMicro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
TCPDF Phar Insecure Deserialization (CVE-2018-17057)
A remote code execution vulnerability exists in LimeSurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...