13538 matches found
Cisco UCS Director Web Interface Authentication Bypass (CVE-2019-1937)
An authentication bypass vulnerability exists in Cisco UCS Director web interface. Successful exploitation of this vulnerability could allow a remote attacker to bypass login authentication and gain unauthorized access to the vulnerable system...
Microsoft SharePoint Remote Code Execution (CVE-2019-1257)
A remote code execution vulnerability exists in Microsoft Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution (CVE-2019-8602; CVE-2015-7036)
A remote code execution vulnerability exists in SQlite fts3tokenizer. Successful exploitation could result in execution of arbitrary code on the affected system...
Microsoft Browser Chakra Scripting Engine Memory Corruption (CVE-2019-1001)
...
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2019-0959)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Task Scheduler Elevation of Privilege (CVE-2019-1069)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sierra Wireless AirLink Remote Code Execution (CVE-2018-4063)
A remote code execution vulnerability exists in Sierra Wireless AirLink. An authenticated attacker can send A specially crafted HTTP request to upload a file, resulting in executable code being uploaded to the target host...
WebKitGTK Denial of Service (CVE-2019-8375)
A denial of service vulnerability exists in WebKitGTK. Successful attack can result in a denial of service condition...
Webmin cgi Upload Remote Code Execution (CVE-2019-9624)
A remote code execution vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2019-0666)
A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Graphics Component Information Disclosure (CVE-2018-8396)
An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker could exploit the vulnerability by enticing user to open a...
Microsoft Office Information Disclosure - Ver 0 (CVE-2018-0950)
A vulnerability exists in RTF based emails which cause information disclosure through Outlook on Windows. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a...
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...
Advantech WebAccess Arbitrary File Deletion (CVE-2018-7495)
An arbitrary file deletion vulnerability exists in Advantech WebAccess. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations. Successful exploitation results in the deletion of arbitrary files...
Microsoft Windows Data Sharing Service Elevation of Privilege (CVE-2019-0572)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0567)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Snap Creek Duplicator Code Injection (CVE-2018-17207)
An exploitable remote code execution vulnerability exists in WordPress Duplicator server. A WordPress plugin Snap Creek Duplicator restores a backup, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability...
Advantech WebAccess NMS DownloadAction Directory Traversal (CVE-2018-7503)
A directory traversal vulnerability exists in Advantech WebAccess NMS. The vulnerability is due to insufficient input validation on file paths in the DownloadAction servlet...
Microsoft Outlook Remote Code Execution (CVE-2018-8576)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Google Chrome Integer Overflow Memory Corruption (CVE-2018-6092)
A memory corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Samsung SmartThings Hub SQL Injection (CVE-2018-3879)
An SQL injection vulnerability exists in Samsung SmartThings Hub. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Oracle WebLogic WLS Server Component Arbitrary File Upload (CVE-2018-2894)
An arbitrary file upload vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to input validation of a keystore file. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation cou...
Microsoft Scripting Engine Memory Corruption (CVE-2018-8283)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Intelligent Management Center dbman RestoreZipFile Command Injection - Ver2 (CVE-2017-5821)
A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling RestoreZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...
Lotus Domino Denial-of-service - Ver2 (CVE-2007-1675)
A denial-of-service vulnerability exists in Lotus Domino. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Windows Desktop Bridge Elevation of Privilege (CVE-2018-8214)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel Remote Code Execution (CVE-2018-0920)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass (CVE-2017-8013)
A static credentials authentication bypass vulnerability exists in the EMC Data Protection Advisor Application service...
Microsoft Windows ITS Protocol Information Disclosure (CVE-2017-11927)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to improper parsing of the InfoTech Storage ITS protocol requests. A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage or URL...
Cisco Prime Network Analysis Module Graph Directory Traversal (CVE-2017-12285)
A directory traversal vulnerability exists in the Cisco Prime Network Analysis Module. The vulnerability is due to the way Cisco Prime Network Analysis Module handles input validation. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the target...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11809)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Foxit Reader and PhantonPDF XFA gotoURL Command Injection (CVE-2017-10953; CVE-2019-8160)
A command injection vulnerability exists in the XFA component of Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of user-supplied string for the gotoURL function call. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web...
Microsoft Win32k Graphics Remote Code Execution (CVE-2017-8682)
A remote code execution vulnerability exists in Windows font library. The vulnerability is due to the way Windows font library improperly handles specially crafted embedded fonts. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TTF file...
Jenkins CI Server Multiple Cross-Site Request Forgery (CVE-2017-1000356)
Multiple Cross-Site Request Forgery vulnerabilities exists in Jenkins CI. The vulnerabilities are due to a lack of CSRF protections on certain types of requests. A remote, unauthenticated attacker can exploit these vulnerabilities by enticing an authenticated user to click a maliciously crafted...
Microsoft XML Core Services Information Disclosure (MS17-022: CVE-2017-0022)
An information vulnerability exists in Microsoft XML Core Services MSXML. The vulnerability is caused when MSXML improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Adobe IExternalizable Interface Use After Free Code Execution (CVE-2016-7855)
A Use After Free vulnerability exists in Adobe IExternalizable Interface. The vulnerability is due to a reuse of a freed Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted SWF file...
Adobe Acrobat and Reader Use After Free (APSB16-33: CVE-2016-6965; CVE-2016-6967; CVE-2016-6968; CVE-2016-6969)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Squash YAML Code Execution (CVE-2013-5036)
A remote code execution vulnerability exists in Squash. The vulnerability is due to insufficient sanitization of user-supplied input while processing certain language expressions. An attacker could exploit this vulnerability by sending a crafted request to the affected software...
Microsoft Windows PDF Library Remote Code Execution (MS16-080: CVE-2016-3203; CVE-2016-3370)
An out of bound memory access vulnerability exists within Microsoft Edge PDF reader and Windows PDF Library. The vulnerability is due to an error in evaluating the correct value of a buffer. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3288)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page...
Apache Jetspeed SQL Injection (CVE-2016-0710)
An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Ipswitch WhatsUp Professional Source Disclosure (CVE-2006-2357)
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
IBM Tivoli Storage Manager FastBack Server Opcode 1329 Buffer Overflow (CVE-2015-1924)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1329 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1332 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2493)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Information Disclosure (MS15-094: CVE-2015-2483)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
IBM Lotus Domino BMP Color Palette Stack Buffer Overflow (CVE-2015-1903)
A stack buffer overflow vulnerability has been reported in IBM Lotus Domino. The vulnerability is due to improper bounds checking while parsing a BMP image with an overly large color palette. A remote attacker could trigger this flaw by sending a specially crafted BMP file...
Microsoft Graphics Component Remote Code Execution (MS15-080:CVE-2015-2456)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted TTF files. A remote attacker can exploit this issue by enticing a user to view TFF files in shared content...
Panasonic Security API SDK Iprosapi ActiveX Control Buffer Overflow (CVE-2015-4647)
A buffer overflow vulnerability exists in the Ipropsapi ActiveX Control component of the Panasonic Security API SDK. The vulnerability is due to an error when processing the FilePassword property. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted...
Microsoft Internet Explorer MHTML Content Blocks Information Disclosure - Ver2 (CVE-2011-0096)
MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Microsoft Windows MHTML protocol. The vulnerability is due to the way MHTML interprets MIME-formatted...