13538 matches found
ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure (CVE-2014-7863)
An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can...
Western Digital Arkeia Remote Code Execution (CVE-2014-2846)
A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...
Corel PDF Fusion XPS Stack Buffer Overflow (CVE-2013-3248)
A code execution vulnerability exists in Corel PDF Fusion...
HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution (CVE-2013-4811)
A vulnerability has been reported in HP ProCurve Manager SNAC...
Novell ZENworks Mobile Management MDM.php Code Execution (CVE-2013-1081)
A code execution vulnerability has been reported in ZENworks' Mobile Management system...
Internet Explorer Col Element Remote Code Execution (MS12-037; CVE-2012-1876)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access a non-existent object. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially...
Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)
A command execution vulnerability has been reported in Apache Struts 2...
CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)
CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...
Microsoft PowerPoint Legacy File Parsing Memory Corruption (MS10-088; CVE-2010-2572)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to an integer underflo...
CA XOsoft Multiple Products xosoapapi.asmx Buffer Overflow (CVE-2010-1223)
CA ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, data migration, and threat management. A buffer overflow vulnerability has been...
Microsoft Windows Win32k EOT Parsing Integer Overflow (MS09-065; CVE-2009-2514)
Microsoft Windows kernel, the core of the operating system, contains a device driver win32k.sys. This device driver is an important component that controls window displays, receives keyboard and device input, offers functions for graphic output devices, and provides many other valuable services...
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow (CVE-2009-3031; CVE-2009-3033)
Symantec Altiris Deployment Solution software provides tools to deploy software on desktops and servers. It runs on Windows platforms, offering Operating System OS deployment, configuration, software deployment across hardware platforms and OS types, among other tasks. This product can be used...
Update Protection against HP Power Manager Remote Code Execution
A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...
ASPX Spy (CVE-2008-1436; CVE-2009-0078; CVE-2009-0079; CVE-2009-0080)
ASPX Spy, is an ASPX program that allows easy control over a compromised web server. Using this program, an attacker can upload files through the web browser and execute them. A remote attacker may exploit web application vulnerabilities that will allow him to upload the ASPX Spy tool to a target...
Update Protection against Roundcubemail PHP Arbitrary Code Injection
A vulnerability has been identified in RoundCube Webmail, a browser-based IMAP client. The vulnerability could be triggered via a specially crafted POST request to compromise a vulnerable web server...
Sun Solaris Telnet Service Unauthorized Remote Login (CVE-2007-0882)
A vulnerability has been reported in Sun Solaris telnet daemon. The vulnerability is due to an error in the Sun Solaris telnet daemon in.telnetd that fails to properly validate authentication information prior to passing it to the 'login' process. An attacker can exploit this flaw to bypass...
D-Link Central WiFiManager CWM-100 Remote Code Execution (CVE-2019-13372)
A remote code execution vulnerability exists in D-Link Central WiFiManager CWM-10. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Part-DB Project Unrestricted File Upload (CVE-2022-0848)
An unrestricted file upload vulnerability exists in Part-DB Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech iView Command Injection (CVE-2022-2143)
A command injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation of the backupfilename parameter while updating NetworkServlet database...
Microsoft Defender Remote Code Execution (CVE-2021-42298)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Super Cache Plugin Remote Code Execution (CVE-2021-24209)
A remote code execution vulnerability exists inWordPress Super Cache Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Druid Remote Code Execution (CVE-2021-25646)
A remote code execution vulnerability exists in Apache Druid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-LINK Cloud Cameras Command Injection (CVE-2020-12111; CVE-2020-12109)
A command injection vulnerability exists in TP-LINK cloud cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-8636)
A memory corruption vulnerability exists in Microsoft browser. The vulnerability is due to an error in the way that Microsoft browser accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially...
Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow - Ver2 (CVE-2009-1979)
Oracle Database Server is an enterprise-level relational database application suite. A buffer overflow vulnerability exists in the Oracle Database server, the vulnerability is due to an error in the Oracle Database server that fails to sufficiently validate the length field of the AUTHSESSKEY...
Adobe Shockwave Player Director File FFFFFF88 Record Integer Overflow (CVE-2010-2876; CVE-2010-4192)
Adobe Shockwave is a multimedia player that allows users to view interactive web content such as games, business presentations, entertainment, and advertisements from the web browser. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on systems whic...
Adobe ColdFusion Directory Traversal (APSB10-18; CVE-2010-2861)
Adobe ColdFusion is a rapid application development platform that includes advanced features for enterprise integration and development of rich Internet applications. A directory traversal vulnerability has been reported in Adobe ColdFusion. The vulnerability is due to a design weakness in the...
Microsoft Outlook Express and Windows Mail Integer Overflow (MS10-030; CVE-2010-0816)
Windows Mail formerly Outlook Express is an online communication tool for use with Windows. A remote code execution vulnerability has been reported in the way that Windows Mail Client handles specially crafted mail responses. The vulnerability is caused when a common library used by Outlook Expre...
Microsoft Office Excel Featheader Record Memory Corruption (MS09-067; CVE-2009-3129)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
SSL Protections use a SSL protocol parser which uses a default port of TCP/443, but this port can be reconfigured...
TP Link Wr940N Routers Buffer Overflow (CVE-2017-13772)
A buffer overflow vulnerability exists in TP Link Wr940N Firmware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Dolibarr Website Builder Remote Code Execution (CVE-2021-33816)
A remote code execution vulnerability exists in Dolibarr Website Builder module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Froxlor SQL Injection (CVE-2021-42325)
An SQL injection vulnerability exists in Froxlor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Omron CX-One Stack Buffer Overflow (CVE-2020-27261)
A stack-based overflow exists in the CX-Position module of OMRON CX-One. The vulnerability is due to input validation error when processing NCI configuration files...
Doctor Appointment System SQL Injection (CVE-2021-27314; CVE-2021-27315; CVE-2021-27316)
An SQL injection vulnerability exists in Doctor Appointment System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Laravel Ignition Remote Code Execution (CVE-2021-3129)
A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Web Servers Cross-Site Scripting Attempt (CVE-2020-10820; CVE-2020-10821; CVE-2020-11930; CVE-2020-12256; CVE-2020-12259; CVE-2020-1943; CVE-2020-2096)
Remote attackers may attempt to exploit web servers vulnerable to cross-site scripting vulnerabilities. Successful exploitation could result in damaging user systems...
SMA Solar Technology Sunny WebBox Cross-Site Request Forgery (CVE-2019-13529)
A cross-site request forgery vulnerability exists in SMA Solar Technology Sunny WebBox. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...
PHP-Fusion Remote Command Execution (CVE-2020-24949)
A command execution vulnerability exists in PHP-Fusion. Successful exploitation of this vulnerability could allow a remote authenticated attacker to execute arbitrary commands on the affected system...
Roundcube Webmail Command Injection (CVE-2020-12641)
A command injection vulnerability exists in Roundcube Webmail . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft SQL Server Remote Code Execution (CVE-2020-0618)
A remote code execution vulnerability exists in Microsoft SQL server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Redis Buffer Overflow (CVE-2019-10192; CVE-2019-10193)
A buffer overflow vulnerability exists in Redis. Successful exploitation of this vulnerability could result in the execution of arbitrary code on the affected system...
OMRON CX-One CX-Protocol Type Confusion (CVE-2018-19027)
A type confusion vulnerability exists in OMRON CX-One CX-Protocol. This vulnerability occurs due to improper parsing of the project file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Schneider Electric Modicon Multiple Information Disclosure Vulnerabilities (CVE-2018-7844; CVE-2018-7845; CVE-2019-6806)
Multiple information disclosure vulnerabilities exist in Schneider Electric Modicon. Successful exploitation of those vulnerabilities would allow a remote attacker to obtain sensitive information...
OMRON CX-One CX-FLnet Version and Node Name Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Version and Node Name parameter of the FLN configuration file. A remote attacker could exploit these vulnerabilities by enticing a target user into opening a maliciousl...
Microsoft Internet Explorer Memory Corruption (MS16-051: CVE-2016-0189)
A use after free vulnerability exists in Microsoft Internet Explorer. The root cause is a heap corruption when dealing with a corrupted VBScript array size. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)
A remote code execution vulnerability has been reported in ForemanRed Hat OpenStack. The vulnerability is due to improper sanitization of certain parameters. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation would allow an...
Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)
A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...
Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)
A buffer overflow vulnerability exists in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability may lead to memory corruption in such a way that will allow code execution in the context of the current user...