13538 matches found
Moodle Spellcheck Remote Command Execution (CVE-2013-3630)
A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...
Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)
A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...
Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012; CVE-2006-0028)
Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available in several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...
MyBB Admin Control Panel Remote Code Execution (CVE-2022-24734)
A code injection vulnerability exists in MyBB. The vulnerability is due to insufficient input validation when parsing user input sent to Admin Control Panel...
Microsoft RPC Remote Code Execution (CVE-2022-26809)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Monitorr Remote Code Execution (CVE-2020-28871)
A remote code execution vulnerability exists in Monitorr. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenSIS SQL Injection (CVE-2020-6637; CVE-2020-6137; CVE-2020-6138; CVE-2020-6139; CVE-2020-6140; CVE-2020-6141)
An SQL injection vulnerability exists in OpenSIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Seowon Intech Remote Code Execution (CVE-2020-17456)
A remote code execution vulnerability exists in Seowon Intech SLC130. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Delta Industrial Automation CNCSoft Buffer Overflow (CVE-2019-10947)
A buffer overflow vulnerability exists in Delta Industrial Automation CNCSoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Internet Explorer Remote Code Execution (CVE-2019-0541)
A remote code execution vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)
Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...
Microsoft Windows CredSSP MITM Remote Code Execution (CVE-2018-0886)
A remote code execution vulnerability exists in CredSSP. The vulnerability due to how CredSSP validates request during the authentication process. A remote attacker can exploit this vulnerability by sending a specially crafted RDP request to the target...
Cross-Site Scripting (CVE-2005-0543; CVE-2014-4075; CVE-2014-4116; CVE-2014-6325; CVE-2014-6365; CVE-2015-1636; CVE-2015-1640; CVE-2015-1757)
...
Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)
Microsoft Excel is a popular spreadsheet application. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A buffer overflow vulnerability has been reported in Microsoft Excel...
Update Protection against Mozilla Firefox JIT escape Function Memory Corruption
A memory corruption vulnerability exists in Mozilla Firefox, a web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles JIT Just-in-Time escape Function calls. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious we...
Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)
A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...
Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)
A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...
Microsoft Windows Media Player MIDI Code Execution (MS12-004) - Ver2 (CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
HP Operations Agent Opcode Stack Buffer Overflow - Ver2 (CVE-2012-2019)
A stack-based buffer overflow vulnerability has been reported in HP Operations Agent. The vulnerability is due to a bound checking error when processing requests containing certain opcodes. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server...
Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...
Belkin Linksys WRT110 Remote Command Execution - Ver2 (CVE-2013-3568)
A remote command execution vulnerability has been reported in Belkin Linksys WRT110 firmware. The vulnerability is due to the Web interface's failure to sanitize ping targets as well as a lack of CSRF tokens. A remote attacker could exploit this vulnerability by sending a malicious HTTP request t...
Microsoft Windows Font Library File Buffer Overflow - Ver2 (CVE-2011-2003)
A buffer overflow vulnerability has been reported in Microsoft Windows. The vulnerability is due to an input validation error when the kernel parses a .FON font file. A remote attacker could exploit this issue by enticing a target user to open a specially crafted .FON file...
Chasys Draw IES BMP Buffer Overflow (CVE-2013-3928)
A buffer overflow vulnerability has been reported in Chasys Draw IES. The vulnerability is due to an image parsing input validation error in Chasys Draw IES when parsing a file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file. Successful exploitation will...
Novell File Reporter FSFUI File Upload (CVE-2012-4959)
A file upload vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests. A remote attacker can exploit this issue by sending a specially crafted request to the target. Successful exploitation could result in arbitrary files bein...
Microsoft IIS ISAPI Extension Indexing Service Buffer Overflow (MS01-033; CVE-2001-0500)
The Internet Information Server IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server component that is capable of serving static, as well as dynamic content. There exists a vulnerability in ISAPI extension idq.dll in...
HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)
HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...
Internet Explorer Data Stream Header Corruption (MS09-054; CVE-2009-1547)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way Internet Explorer processes data stream headers. The vulnerability occurs when Internet Explorer processes a specially crafted data stream header, it may corrupt system...
UltraVNC VNCViewer Authenticate Buffer Overflow (CVE-2009-0388)
Virtual Network Computing VNC is a graphical desktop sharing technology that uses the Remote Frame Buffer RFB protocol to remotely control another computer. The controller computer client or viewer sends keyboard and mouse events to the controlled computer server; the controlled computer sends...
Update Protection against Trend Micro ServerProtect CreateBinding DCE-RPC Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...
Update Protection against Trend Micro ServerProtect EarthAgent DCE-RPC Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...
WMF and EMF Files (CVE-2005-2123; CVE-2005-2124; CVE-2005-4560; CVE-2006-0020)
...
Subrion CMS Remote Code Execution (CVE-2018-19422)
A remote code execution vulnerability exists in Subrion CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
MongoDB mongo-express Remote Code Execution (CVE-2019-10758)
A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Solr Remote Code Execution (CVE-2019-0193)
A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...
WordPress Plainview Activity Monitor Plugin Command Injection (CVE-2018-15877)
A command injection vulnerability exists in WordPress Plainview Activity Monitor plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands in the affected system...
Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)
An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...
Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)
An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...
Oracle Endeca Server createDataStore Remote Command Execution (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)
A heap buffer overflow vulnerability has been reported in the InduSoft Thin Client. The vulnerability is due to lack of input validation of a certain parameter. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer. Successf...
Oracle Database Application Express Component APEX Password Hash Disclosure (CVE-2009-0981)
Oracle Application Express APEX is a component of Oracle database server products. It is a web application development environment, with which developers can create and deploy database-backed applications via a web-based interface. An information disclosure vulnerability exists in the Application...
Schneider Electric Struxureware Data Center Expert Command Injection (CVE-2021-22795)
A command-injection vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...
Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)
A directory traversal vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Omron CX-One Stack Buffer Overflow (CVE-2020-27261)
A stack-based overflow exists in the CX-Position module of OMRON CX-One. The vulnerability is due to input validation error when processing NCI configuration files...
Web Servers SQL Injection Attempt (CVE-2020-10220; CVE-2020-15533; CVE-2020-23833; CVE-2020-23973; CVE-2020-23976; CVE-2020-23978; CVE-2020-23979)
An SQL Injection vulnerability exists in web servers due to lack of input validation. Successful exploitation of this vulnerability could result in damaging target systems...
Aerospike Community Remote Code Execution (CVE-2020-13151)
A remote code execution vulnerability exists in Aerospike Community. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Inductive Automation Ignition Insecure Deserialization (CVE-2020-12004; CVE-2020-10644)
An insecure deserialization vulnerability exists in Inductive Automation Ignition. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Jenkins Dependency Graph View Plugin Cross-Site Scripting (CVE-2019-10349)
A Cross-Site Scripting vulnerability exists in Jenkins Dependency Graph View plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...