13538 matches found
Symantec Web Gateway Multiple PHP Pages Cross Site Scripting (CVE-2014-1652)
A cross-site scripting vulnerability exists in Symantec Web Gateway. Successful exploitation could result in attacker-controlled script code being executed in the browser context of the Symantec Web Gateway management console. The vulnerability is due to improper validation of "variable",...
Advantech WebAccess SQL Injection Information Disclosure (CVE-2014-0763)
Multiple vulnerabilities have been reported in Advantech WebAccess. A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server...
Microsoft SharePoint Cross-site Scripting (MS14-022; CVE-2014-1754)
An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...
Microsoft SMB Client Transaction Memory Corruption - Ver2 (CVE-2010-0270)
A memory corruption vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the Microsoft SMB client implementation that fails to properly validate fields in the SMB response. Successful exploitation of this vulnerability could allow a remote attacker to...
Lenovo Veriface III Plain Image Authentication Bypass - Ver2 (CVE-2009-0655)
An authentication bypass vulnerability has been reported in Lenovo Veriface III. Successful exploitation of this vulnerability could allow a remote attacker to bypass login authentication and gain unauthorized access to the vulnerable system...
Apple Quicktime RTSP URL Buffer Overflow - Ver2 (CVE-2007-0015)
Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying still image files as well as numerous audio and video formats. It also provides libraries and plugins for other applications, such as browsers, to read QuickTime media...
Google Android Vold Volume Manager Integer Wrap Root Exploit Privilege Escalation - Ver2 (CVE-2011-1823)
A privilege escalation vulnerability has been reported in Google Android Operating System. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Microsoft Excel SST Invalid Length Use After Free - Ver2 (CVE-2012-1887)
A use-after-free vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to an error in Microsoft Excel while handling specially crafted Excel files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...
Autodesk AutoCAD Insecure Library Loading (CVE-2014-0819)
An insecure library loading vulnerability has been reported in AutoCAD. The vulnerability is due to an improper dynamic link library DLL search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an AutoCAD file from a malicio...
GDI PNG Heap Overflow - Ver2 (CVE-2009-2501)
A buffer overflow vulnerability has been reported in GDI+. An attacker could exploit this vulnerability via a crafted PNG image file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple Webkit HTML Parsing Rowspan Denial of Service - Ver2 (CVE-2007-0342)
A denial-of-service vulnerability has been reported in Apple Mac OS X. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Adobe Multiple Products PDF JavaScript Method Buffer Overflow - Ver2 (CVE-2007-5659)
A buffer overflow vulnerability has been reported in multiple Adobe products. The vulnerability is due to insufficient input validation in certain JavaScript methods. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or...
FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow - ver 2 (CVE-2014-1452)
A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote, unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of...
Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301)
A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...
Apache Santuario XML Security for Java DTD Denial of Service (CVE-2013-4517)
A denial of service vulnerability exists in Apache Santuario XML Security for Java. The vulnerability is due to the allowing of Document Type Definitions DTDs when validating signatures. A remote attacker can exploit this vulnerability by providing a specially crafted XML signature. Successful...
Adobe Acrobat Reader customDictionaryOpen Memory Corruption - Ver2 (CVE-2009-1493)
A memory corruption vulnerability has been reported in Adobe Reader. The vulnerability is due to insufficient input validation in the implementation of the customDictionaryOpen JavaScript method. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious PD...
Microsoft PowerPoint Converter SoundEntity Record Code Execution - Ver2 (CVE-2009-1128)
A code execution vulnerability has been reported in Microsoft Office PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafted older PowerPoint 95 formatted files. A remote attacker could exploit this vulnerability by...
Oracle 9i HTTP Server Web Administration Access Privilege Escalation - Ver2 (CVE-2002-0561)
A privilege escalation vulnerability has been reported in Oracle 9i Application Server. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Comet WebFileManager CheckUpload.php Language Parameter PHP Code Execution - Ver2 (CVE-2006-4077)
A code execution vulnerability has been reported in Vincenzo Valvano Comet WebFileManager CWFM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft IIS ASP Handling Code Execution (MS08-006) - Ver2 (CVE-2008-0075)
Microsoft Internet Information Services IIS is a multi-featured server product that ships with all versions of Microsoft. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of dynamic content, notably in the form...
Sybase Multiple Products Directory Traversal (CVE-2011-2474)
A directory traversal vulnerability has been reported in multiple Sybase products...
Microsoft Internet Explorer Memory Corruption (MS13-097: CVE-2013-5052)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3203)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3163)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3145)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Novell GroupWise Client ActiveX gwmim1.ocx Untrusted Pointer Dereference (CVE-2013-0804)
An untrusted pointer dereference vulnerability has been reported in the ActiveX control for Novell GroupWise Client for Windows...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure (CVE-2012-4915)
A remote code execution vulnerability has been reported in Google Doc Embedder Plugin for WordPress...
Internet Explorer Text Element Use After Free (MS13-047; CVE-2013-3121)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer Multiple Dom Objects Memory Corruption (MS13-047; CVE-2013-3124)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Citadel SMTP RCPT Remote Buffer Overflow - High Confidence (CVE-2008-0394)
The Citadel Server is a mail server product geared towards small and medium size organizations. The product implements POP3, IMAP4, and SMTP services. The SMTP server module is installed and started in a default installation. There exists a buffer overflow vulnerability in Citadel SMTP Server. Th...
ACDSee FotoSlate PLP File id Parameter Overflow (CVE-2011-2595)
A parameter overflow vulnerability exists in ACDSee FotoSlate. The vulnerability is due to boundary errors in FSEngine4.dll when processing the "id" attribute certain tags. A remote attacker could trigger this flaw by tricking a victim into opening a specially crafted malicious .plp file...
Smart Software Solutions CoDeSys CmpWebServer Content-Length NULL Pointer (CVE-2011-5009)
Denial of service has been reported in Smart Software Solutions CoDeSys CmpWebServer.The vulnerability is due to insufficient validation of incoming HTTP POST requests to TCP port 8080.A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the affected...
cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)
The vulnerability is due to an error in Curlsaslcreatedigestmd5message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...
Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)
An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability is due to enabling unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...
Internet Explorer CHTML Use After Free (MS13-009; CVE-2013-0029)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Novell File Reporter FSFUI Arbitrary File Retrieval (CVE-2012-4958)
A file retrieval vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests, resulting in the retrieval of the contents of a file. A remote attacker can exploit this issue by sending a specially crafted request to the affected...
Wireshark DECT Dissector Stack Buffer Overflow (CVE-2011-1591)
A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...
Microsoft Excel SerAuxErrBar Heap Overflow (MS12-076; CVE-2012-1885)
A remote code execution vulnerability has been reported in Microsoft Excel...
RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow (CVE-2012-0942)
A buffer overflow vulnerability has been reported in RealNetworks Helix Server...
Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)
An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component...
Microsoft Windows msvcrt.dll Media File Code Execution (MS12-013; CVE-2012-0150)
A remote code execution vulnerability has been reported in Microsoft Windows...
Oracle Outside In CorelDRAW File Parser Integer Overflow (CVE-2011-2264; CVE-2011-3541)
An integer overflow vulnerability has been reported in Oracle Outside-In. The vulnerability is due to improper bounds checking of user-supplied values while parsing malicious CorelDRAW cdr files. A remote attacker may exploit this vulnerability by sending a malicious CDR file to a target user...
SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow (CVE-2007-5603)
An arbitrary code execution vulnerability has been reported in SonicWall SSL-VPN NetExtender. The vulnerability is due to insufficient length validation by an ActiveX control. A remote attacker may exploit this vulnerability by sending a specially crafted request to an affected service. Successfu...
ESTsoft ALZip MIM File Buffer Overflow (CVE-2011-1336)
A remote code execution vulnerability has been reported in ESTsoft's ALZip. The vulnerability is due to an error while parsing MIME files. A remote attacker may exploit this vulnerability by sending a specially crafted .mim file to an affected user. Successful exploitation of this vulnerability...
7T Interactive Graphical SCADA System (IGSS) Directory Traversal (CVE-2011-1565)
A directory traversal vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to read a...
Uniscribe Font Parsing Engine Remote Code Excution (MS10-063; CVE-2010-2738)
This is a memory corruption vulnerability in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. Remote attacker could trigger this flaw by enticing a user to open a specially crafted TTF file. Successful...
Adobe Audition Session File Stack Buffer Overflow (APSB11-10; CVE-2011-0614)
Adobe Audition formerly Cool Edit Pro is a digital audio workstation from Adobe Systems featuring both a multi-track, non-destructive mix/edit environment and a destructive-approach waveform editing view. A stack buffer overflow exists in Adobe Audition. The vulnerability is due to an error when...
Microsoft Windows Media Player PNG Chunk Handling Stack Overflow (MS06-024) - High Confidence (CVE-2006-0025)
An attacker can exploit this vulnerability by enticing a user to open a crafted PNG file, resulting in the possible injection and execution of arbitrary code on the target system with the privileges of the currently logged-in user. A remote stack buffer overflow vulnerability has been discovered ...
RealNetworks RealPlayer RecordClip Parameter Injection Code Execution (CVE-2010-3749)
RealNetworks RealPlayer is a cross-platform media player that supports multiple multimedia formats such as: MP3, MPEG-4, QuickTime, Windows Media, and RealAudio and RealVideo formats. RealPlayer contains many features including streaming capabilities, media browser, video download, and CD ripping...
Microsoft Windows SMB mrxsmb.sys Remote Heap Overflow (CVE-2011-0654)
A heap buffer overflow vulnerability has been reported in the Microsoft Windows Server Message Block SMB implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to create a denial of service...