13538 matches found
Microsoft Office Outlook mailto URI Handling Code Execution (MS08-015; CVE-2008-0110)
Microsoft Office Outlook is a personal information manager that provides an e-mail application, a calendar and task and contact management.A remote code execution vulnerability has been reported in Microsoft Office Outlook. The vulnerability is due to an error in Microsoft Office Outlook that fai...
Microsoft Visual FoxPro ActiveX Control Buffer Overflow (MS08-010; CVE-2007-4790)
Microsoft Visual FoxPro is an application development tool for building database applications. This vulnerability is due to a memory corruption error in certain ActiveX objects of Microsoft Visual FoxPro when it is used in Microsoft Internet Explorer. A remote attacker could exploit this issue by...
Microsoft Windows ICMP Fragmented Packet Denial of Service (MS08-001; CVE-2007-0066)
The Internet Control Message Protocol ICMP is one of the core protocols of the Internet protocol suite. The vulnerability is due to an error in the way that Windows Kernel processes fragmented router advertisement ICMP queries. Successful exploitation could allow a denial of service on the affect...
Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption (MS07-045; CVE-2007-3041)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer IE ActiveX control pdwizard.ocx. ActiveX controls are reusable software components based on Microsoft Component Object Model COM. To trigger the vulnerability, an attacker can create a malicious web page that...
Preemptive Protection against Mercury Mail IMAP Buffer Overflow Vulnerability
Multiple buffer overflow vulnerabilities exist in Mercury Mail Transport System. Mercury Mail Transport System is a free mail server program that supports various email access and exchange protocols, including the Internet Message Access Protocol IMAP. IMAP is a standard protocol for accessing...
Internet Explorer Undisclosed Script Handler Buffer Overflow (MS06-072; CVE-2006-5579)
Microsoft Internet Explorer IE contains a remote code execution vulnerability. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger this vulnerability to deny service from legitimate users by causing the victim's Web browser to crash or execute arbitrary code ...
Preemptive Protection against Malformed DNS Resource Records Vulnerability (MS06-041)
The Domain Name System DNS client service resolves and caches DNS names. The Microsoft DNS Client service fails to handle specific overly long resource records. An attacker could exploit the vulnerability by sending a specially crafted DNS record to an affected client. Successful exploitation cou...
Update Protection against AWStats Remote Command Execution Vulnerability
AWStats is a free tool that collects and graphically displays advanced web, ftp or mail server statistics. Lack of input validation on one of the parameters may allow an attacker to compromise a vulnerable server. Successful exploitation allows remote attackers to execute arbitrary commands under...
Update Protection against ezDatabase Remote File Inclusion Vulnerability
ezDatabase is a Web based application designed for creating online databases. A vulnerability in ezDatabase allows remote attackers to execute arbitrary PHP code via several parameters. Attackers may be able to disclose sensitive information and compromise an affected system...
Microsoft Telnet Client Information Disclosure (MS05-033; CVE-2005-1205)
...
Tenda AC15 Command Injection (CVE-2022-28557)
A command injection vulnerability exists in Tenda AC15. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda M3 Router Command Injection (CVE-2022-26289)
A command injection vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Lansweeper SQL Injection (CVE-2022-21234)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Tenda TX9 Pro Router Command Injection (CVE-2022-29592)
A command injection vulnerability exists in Tenda TX9 Pro Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Azure Service Fabric Explorer Cross Site Scripting (CVE-2022-35829)
A cross-site scripting vulnerability exists in Microsoft Azure Service Fabric Explorer. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Jenkins Directory Traversal (CVE-2018-1999002)
A directory traversal vulnerability exists in Jenkins. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Adobe Acrobat and Reader Improper Input Validation (APSB22-39: CVE-2022-35668)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Microsoft Windows Hyper-V Elevation of Privilege (CVE-2022-35751)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2022-35750)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Google Chrome Browser V8 Memory Corruption (CVE-2017-5030)
A memory corruption vulnerability exists in Google Chrome Browser V8. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Use After Free (APSB22-32: CVE-2022-34227)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Aruba ArubaOS Memory Corruption (CVE-2022-23676)
A memory corruption vulnerability exists in Aruba ArubaOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
RiteCMS Remote Code Execution (CVE-2021-46367)
A remote code execution vulnerability exists in RiteCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Use After Free (APSB22-16: CVE-2022-28230)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pulse Connect Secure Authentication Bypass (CVE-2021-22893)
An authentication bypass vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
TP-Link WR886N Buffer Overflow (CVE-2021-44864)
A buffer overflow vulnerability exists in TP-Link WR886N. Successful exploitation of this vulnerability could result in a denial of service of the affected system...
Zoho ManageEngine Desktop Central Authentication Bypass (CVE-2021-44515)
An authentication bypass vulnerability exists in Zoho ManageEngine Desktop Central. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
October CMS Authentication Bypass (CVE-2021-32648)
An authentication bypass vulnerability exists in October CMS. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Symantec Web Gateway Local File Inclusion (CVE-2012-2957)
A local file inclusion vulnerability exists in Symantec Web Gateway. Successful exploitation of this vulnerability could allow a remote attacker to damage user systems...
Form Tools SQL Injection (CVE-2021-38145)
An SQL injection vulnerability exists in Form Tools. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Latrix Project SQL Injection (CVE-2021-30000)
An SQL injection vulnerability exists in Latrix Project. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Internet Explorer Out-of-Bounds Write (CVE-2021-33742)
An out-of-bounds write vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the affected application...
Jenkins Claim Plugin Cross-Site Scripting (CVE-2021-21619)
A stored cross-site scripting vulnerability exists in Jenkins Claim plugin. This vulnerability is due to insufficient validation of the displayName shown in claims...
VMware vCenter Server Remote Code Execution (CVE-2021-21985)
A remote code execution vulnerability exists in VMware vCenter Server. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary code on the affected system...
Nagios XI Remote Code Execution (CVE-2019-15949)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SaltStack Salt Method Directory Traversal (CVE-2021-25282)
A directory traversal vulnerability exists in the WheelClient for Salt API, a component of SaltStack Salt. The vulnerability is due to improper validation of user-supplied in the pillarroots.write method...
Netgear ProSAFE Integer Overflow (CVE-2020-35230)
An integer overflow vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
yWorks yEd Desktop Remote Code Execution (CVE-2020-25216)
A remote code execution vulnerability exists in yWorks yEd Desktop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CmsWing Project SQL Injection (CVE-2020-20296)
An SQL injection vulnerability exists in CmsWing Project. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Audio Service Privilege Escalation (CVE-2019-1086)
A privilege escalation vulnerability exists in Microsoft Windows Audio Service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...
Nagios XI Graph Explorer Cross-Site Scripting (CVE-2020-15902)
A cross-site scripting vulnerability exists in Nagios XI. This vulnerability is due to improper validation of the link parameter in visFunctions.inc.php...
Zoho ManageEngine Applications Manager SQL Injection (CVE-2020-27995)
A SQL injection vulnerability exists in the Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in processing MyPage.do action...
Cacti utilities.php Cross-Site Scripting (CVE-2010-2544)
A cross site scripting vulnerability exists in Cacti. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2020-16913)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cisco UCS Director saveStaticConfig Directory Traversal (CVE-2020-3248)
A directory traversal vulnerability exists in Cisco UCS Directory. The vulnerability is due to insufficient validation of user input in the saveStaticConfig method...
Microsoft Windows Address Book Contact File Parsing Integer Overflow (CVE-2020-1410)
An integer overflow vulnerability has been reported in Microsoft Windows Address Book. This vulnerability is due to improper handling of Contact files. A remote attacker could exploit this vulnerability by enticing a target user to open a Windows Contacts file. Successful exploitation could resul...
DrayTek Command Injection (CVE-2020-15415)
A command injection vulnerability exists in DrayTek. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zivif Webcams Remote Code Execution (CVE-2017-17107)
A remote code execution vulnerability exists in Zivif Webcams. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Innotube ITGuard-Manager Remote Code Execution (CVE-2017-18025)
A remote code execution vulnerability exists in Innotube ITGuard-Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP-Fusion Administration banners.php Cross-Site Scripting (CVE-2020-12438)
A stored cross-site scripting vulnerability exists in PHP-Fusion Banner feature. The vulnerability is due to improper validation of user input in HTTP requests...