13538 matches found
Microsoft Office Malformed Routing Slip Code Execution (CVE-2006-0009)
Microsoft Office is a popular productivity suit released by the Microsoft Corporation. It includes a text processor, a spreadsheet application, a presentation editor, and a number of other components. Office document files contain a common section that stores metadata such as the author,...
Microsoft SQL Server CONVERT Function Buffer Overflow (MS08-040; CVE-2008-0086)
Microsoft SQL Server is a relational database management system RDBMS. Microsoft SQL Server uses Transact-SQL T-SQL, a proprietor extension to Structured Query Language SQL, for querying and modifying data and managing databases. SQL Server can be remotely accessed via the Tabular Data Stream TDS...
Oracle Database Server XML Database Buffer Overflow (CVE-2003-0727)
...
Fortinet FortiOS Improper Access Control (CVE-2018-13374)
An improper access control vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...
AnyDesk Software AnyDesk GUI Remote Code Execution (CVE-2020-13160)
A remote code execution vulnerability exists in AnyDesk Software AnyDesk GUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Laravel Ignition Remote Code Execution (CVE-2021-3129)
A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
KLog Server Command Injection (CVE-2020-35729)
A command injection vulnerability exists in KLog Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Dolibarr Persistent Cross Site Scripting (CVE-2020-13094)
A persistent cross site scripting vulnerability exists in Dolibarr. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
devcert Module Command Injection (CVE-2020-8186)
A command injection vulnerability exists in devcert module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Liferay Portal Insecure Deserialization (CVE-2020-7961)
An insecure deserialization vulnerability exists in Liferay Portal. This vulnerability is due to improper sanitization of user-supplied data in the JSONWebServiceActionParameters class...
phpMyAdmin Cross-Site Request Forgery (CVE-2019-12616)
A cross-site request forgery vulnerability exists in phpMyAdmin. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...
HP Data Protector Backup Client Service Code Execution - Ver2 (CVE-2011-0922)
HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The backup agent supports various message types in its communication with clients in...
Jenkins CI Server Commons-Collections Library Insecure Deserialization (CVE-2015-8103)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0040)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal (CVE-2014-8741)
A directory traversal vulnerability exists in Lexmark MarkVision Enterprise. The vulnerability is due to an input validation issue when processing user supplied data used for writing files to the system by the GfdFileUploadServlet servlet. A remote unauthenticated attacker could exploit this...
Microsoft Internet Explorer createTextRange Denial of Service - Ver2 (CVE-2006-1359)
A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...
Microsoft IIS Request Header Buffer Overflow (MS10-065; CVE-2010-2730)
A code execution vulnerability exists in Microsoft Internet Information Services IIS when FastCGI is enabled. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the IIS Worker process. The vulnerability is due ...
ISC DHCP Server Denial of Service And Buffer Overflow (CVE-2004-0460; CVE-2006-3122; CVE-2010-2156)
The Internet Software Consortium ISC DHCP server is a popular and widely used implementations of the server side of the DHCP protocol. The Dynamic Host Configuration Protocol DHCP protocol is used to centrally manage and automate the assignment of IP addresses on a network. A denial of service an...
LibreNMS addhost Command Injection (CVE-2018-20434)
A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...
PHP Event Calendar SQL Injection (CVE-2021-42077)
An SQL injection vulnerability exists in PHP Event Calendar. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
BillQuick Website SQL injection (CVE-2021-42258)
An SQL injection vulnerability exists in BillQuick Website. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)
Arbitrary Command Injection Over HTTP Traffic...
HPE Integrated Lights-Out 4 Authentication Bypass (CVE-2017-12542)
An authentication bypass vulnerability exists in HPE Integrated Lights-Out 4. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code...
Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)
A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused due to incorrect choosing of delimiters to prevent use of the pregreplace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...
Symantec Endpoint Protection Manager Open Redirect Report-Routing Component (CVE-2016-5304)
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. A remote attacker could exploit these...
Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)
An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...
ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure (CVE-2014-7863)
An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can...
Western Digital Arkeia Remote Code Execution (CVE-2014-2846)
A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...
Corel PDF Fusion XPS Stack Buffer Overflow (CVE-2013-3248)
A code execution vulnerability exists in Corel PDF Fusion...
HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution (CVE-2013-4811)
A vulnerability has been reported in HP ProCurve Manager SNAC...
Novell ZENworks Mobile Management MDM.php Code Execution (CVE-2013-1081)
A code execution vulnerability has been reported in ZENworks' Mobile Management system...
Internet Explorer Col Element Remote Code Execution (MS12-037; CVE-2012-1876)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access a non-existent object. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially...
Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)
A command execution vulnerability has been reported in Apache Struts 2...
CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)
CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...
Microsoft PowerPoint Legacy File Parsing Memory Corruption (MS10-088; CVE-2010-2572)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to an integer underflo...
CA XOsoft Multiple Products xosoapapi.asmx Buffer Overflow (CVE-2010-1223)
CA ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, data migration, and threat management. A buffer overflow vulnerability has been...
Microsoft Windows Win32k EOT Parsing Integer Overflow (MS09-065; CVE-2009-2514)
Microsoft Windows kernel, the core of the operating system, contains a device driver win32k.sys. This device driver is an important component that controls window displays, receives keyboard and device input, offers functions for graphic output devices, and provides many other valuable services...
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow (CVE-2009-3031; CVE-2009-3033)
Symantec Altiris Deployment Solution software provides tools to deploy software on desktops and servers. It runs on Windows platforms, offering Operating System OS deployment, configuration, software deployment across hardware platforms and OS types, among other tasks. This product can be used...
Update Protection against HP Power Manager Remote Code Execution
A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...
Microsoft Office Excel Featheader Record Memory Corruption (MS09-067; CVE-2009-3129)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...
ASPX Spy (CVE-2008-1436; CVE-2009-0078; CVE-2009-0079; CVE-2009-0080)
ASPX Spy, is an ASPX program that allows easy control over a compromised web server. Using this program, an attacker can upload files through the web browser and execute them. A remote attacker may exploit web application vulnerabilities that will allow him to upload the ASPX Spy tool to a target...
Update Protection against Roundcubemail PHP Arbitrary Code Injection
A vulnerability has been identified in RoundCube Webmail, a browser-based IMAP client. The vulnerability could be triggered via a specially crafted POST request to compromise a vulnerable web server...
Sun Solaris Telnet Service Unauthorized Remote Login (CVE-2007-0882)
A vulnerability has been reported in Sun Solaris telnet daemon. The vulnerability is due to an error in the Sun Solaris telnet daemon in.telnetd that fails to properly validate authentication information prior to passing it to the 'login' process. An attacker can exploit this flaw to bypass...
D-Link Central WiFiManager CWM-100 Remote Code Execution (CVE-2019-13372)
A remote code execution vulnerability exists in D-Link Central WiFiManager CWM-10. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Part-DB Project Unrestricted File Upload (CVE-2022-0848)
An unrestricted file upload vulnerability exists in Part-DB Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech iView Command Injection (CVE-2022-2143)
A command injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation of the backupfilename parameter while updating NetworkServlet database...
Craft CMS Command Injection (CVE-2020-9757)
A Command Injection vulnerability exists in Craft CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Stivasoft Fundraising Script SQL Injection (CVE-2020-22223; CVE-2020-22225; CVE-2020-22226)
An SQL injection vulnerability exists in Stivasoft Fundraising Script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
PlaySMS index.php Remote Code Execution (CVE-2020-8644)
A remote code execution vulnerability exists in PlaySMS. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system...