13538 matches found
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0770)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)
An authentication bypass vulnerability exists in WordPress Userpro Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Technicolor TD5336 Router Remote Code Execution (CVE-2017-14127)
A remote code execution vulnerability is exist in Technicolor router. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11802)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Trend Micro OfficeScan Proxy.php Command Injection (CVE-2017-11394)
A command injection vulnerability exists in Trend Micro's OfficeScan. The vulnerability is due to improper validation of HTTP parameters within the Proxy.php script. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the vulnerable system...
Adobe Flash Player Security Bypass (APSB17-23: CVE-2017-3085)
A security bypass vulnerability exists in Adobe Flash Player. The vulnerability is due to insufficient redirection checks when performing URL redirect. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
MediaWiki SyntaxHighlight Option Injection (CVE-2017-0372)
A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target, potentially leading to arbitrary code execution...
Cisco Prime Collaboration Provisioning ScriptMgr Authentication Bypass (CVE-2017-6622)
An authentication bypass vulnerability has been reported in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths when a request is sent to ScriptMgr servlet. A remote, unauthenticated attacker can exploit this vulnerability by sending ...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0259)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the Windows kernel improperly initializing objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0220)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0167)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0090)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Windows DirectShow Information Disclosure (MS17-021: CVE-2017-0042)
An information disclosure vulnerability exists in Windows DirectShow. The vulnerability is due to the way Windows DirectShow handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0086)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
OpenSSH sshd auth_passwd Denial of Service (CVE-2016-6515)
A denial of service vulnerability has been discovered in OpenSSH. The vulnerability is due to not limiting the password length during authentication of users in the authpasswd module. A remote, unauthenticated attacker could exploit this vulnerability by supplying a specially crafted password as...
HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)
An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet...
Microsoft Edge Memory Corruption (MS16-145: CVE-2016-7286)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption...
Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7224)
Multiple elevation of privilege vulnerabilities exist in the Windows VHDMP kernel driver. The vulnerability is due to the way driver fails to properly handle user access to certain files. An attacker can exploit this vulnerability by gaining access to the local system and executing a specially...
Adobe Reader Memory Corruption (APSB16-33: CVE-2016-6974; CVE-2016-6975; CVE-2016-6976; CVE-2016-6977)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Microsoft Office Memory Corruption (MS16-121: CVE-2016-7193)
A buffer overflow vulnerability exists in the Word's RTF parser. The vulnerability is due to invalid parsing of RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (MS16-119: CVE-2016-7190)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)
An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...
Microsoft Internet Explorer Memory Corruption (MS16-084 : CVE-2016-3259)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3207)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Internet Explorer Scripting Engine Memory Corruption (MS16-051: CVE-2016-0187)
A use-after-free vulnerability was detected in Microsoft Internet Explorer in the handling of BooleanProtoObj objects. The underlying vulnerability lies in jscript!JSONStringifyArray where a previously released object is reused...
Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)
A security bypass vulnerability exists in Skype for Business and Lync Servers. The vulnerability is due to improper sanitizing of specially crafted content. A remote attacker could trigger this flaw by convincing a victim to open an instant message session and then send that user a message...
Labtam ProFTP Client Banner Buffer Overflow (CVE-2009-3976)
Labtam ProFTP is vulnerable to a buffer overflow, caused by improper bounds checking. A remote attacker could exploit this vulnerability via an overly long welcome message to overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the service to crash...
Microsoft Internet Explorer Information Disclosure (MS15-112: CVE-2015-6086)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Windows Winsock Elevation of Privilege (MS15-119: CVE-2015-2478)
An elevation of privilege vulnerability exists in Windows Winsock. The vulnerability is due to an error in the way windows kernel verifies memory address. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted code...
IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection (CVE-2015-1938)
A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1331 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2458)
Remote code execution vulnerabilities exist in Microsoft Windows. The vulnerability is due to an error in the way Microsoft Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. A remote attacker can exploit this issue by enticing a victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2372)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
...
Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3062; CVE-2015-3060)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...
Novell GroupWise Internet Agent iCalendar Parsing Denial of Service - Ver2 (CVE-2011-3827)
A denial-of-service vulnerability has been reported in Novell GroupWise Internet Agent. The vulnerability is due to insufficient validation of certain data when parsing a received iCalendar message. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted...
Novell CASA PAM Module Stack Buffer Overflow - Ver2 (CVE-2006-0736)
A buffer overflow vulnerability has been reported in Novell's CASA. The vulnerability is due to a boundary error in the CASA PAM handler 'pammicasa' authentication module. A remote attacker can exploit this vulnerability by gaining root access to any machine with CASA installed...
MySQL yaSSL Certificate Packet Stack Overflow - Ver2 (CVE-2009-4484)
A buffer overflow vulnerability has been reported in MySQL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Excel Sheet Name Memory Corruption - Ver2 (CVE-2007-3490)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
WebGate WESPSDK WESPDiscovery Stack Buffer Overflow (CVE-2015-2100)
A code execution vulnerability exists in WebGate WESPSDK that is shipped with multiple WebGate products. The vulnerability is due to a stack buffer overflow in the TCPDiscovery and TCPDiscovery2 methods of the WESPDiscovery.WESPDiscoveryCtrl ActiveX control. A remote attacker could exploit this...
Internet Explorer HTML Tag Memory Corruption (MS06-013) - Ver2 (CVE-2006-1188)
Microsoft Internet Explorer IE is the most widely used web browser application today. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There are numerous versions of the HTML standard that are interpreted by the...
AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0056)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Word Local Zone Remote Code Execution (MS15-022; CVE-2015-0097)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...
ActiveBar ActiveX Method Arbitrary File Write - Ver2 (CVE-2007-3883)
An Overwrite Files vulnerability has been reported in The Data Dynamics ActiveBar ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to create or overwrite files via a full pathname in the second argument to the Save method, or the first argument to the...
CA ARCserve Backup DB Engine Denial of Service - Ver2 (CVE-2008-4399)
CA ARCserve Backup products offer data protection for distributed servers, clients,databases and applications. They provide centralized control over a series of distributed operationsincluding Backup and Restore, Data Migration, and Threat Management. There exists a denial of service vulnerabilit...
RealNetworks HELIX Server Denial of Service - Ver2 (CVE-2004-0389)
A denial-of-service vulnerability has been reported in Realnetworks Helix Universal Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
InterNetNews Control Message Handling Buffer Overflow - Ver2 (CVE-2004-0045)
The InterNetNews package INN is a complete Usenet system. It includes innd, an NNTP server, and nnrpd, a newsreading server. A vulnerability exists in the NNTP server component of InterNetNews INN, which can be exploited to compromise a vulnerable system. The vulnerability is caused due to a...
Microsoft Exchange Server Outlook Web Access URL Redirection (MS14-075; CVE-2014-6336)
A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange when Microsoft Outlook Web Access OWA fails to properly validate redirection tokens. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft ASP.NET MVC Cross-Site Scripting (MS14-059; CVE-2014-4075)
A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due to the way ASP.NET MVC encodes user input. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to follow a malicious link...
Joomla Component com_rsfiles Directory traversal (CVE-2007-4504)
A directory traversal vulnerability has been reported in Joomla ComRsfiles. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...