13538 matches found
OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)
A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
ManageEngine Multiple Products WsDiscoveryServlet Directory Traversal (CVE-2014-5302)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated...
Adobe Reader Javascript API Information Disclosure (APSB14-28: CVE-2014-8451)
An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper implementation of a Javascript API. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
Microsoft Fax Cover Page Editor Buffer Overflow - Ver2 (CVE-2010-4701)
A heap buffer overflow vulnerability has been discovered in Microsoft Windows Fax Services. The Windows Fax Service is a component that allows a Windows system to act as a Fax server. One of the tools within this fax suite is the Fax Console, which allows a user to monitor the sending and receivi...
Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)
A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...
Microsoft Windows Agent ACF File Handling Memory Corruption (MS06-068) - Ver2 (CVE-2006-3445)
A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. . The vulnerability is due to a memory corruption error in the...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6374)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Joomla Component com_content SQL Injection (CVE-2008-6923)
SQL injection vulnerability has been reported in Joomla Com Content. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Digium Asterisk HTTP Connections Denial of Service (CVE-2014-4047)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to the way HTTP sessions are being handled. A remote, unauthenticated attacker can exploit this vulnerability by establishing an excessive number of TCP connections to the configured HTTP or HTTPS port...
Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the moddeflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4092)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4057)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
D-Link HNAP Request Stack Buffer Overflow (CVE-2014-3936)
A remote code execution vulnerability exists in D-Link routers. The vulnerability is due to a stack buffer overflow while processing crafted HTTP POST requests addressed to the HNAP handler. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected...
Advantech WebAccess SCADA webvact.ocx GotoCmd Buffer Overflow (CVE-2014-0765)
A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This vulnerability is due to insufficient input validation on the GotoCmd parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...
Rocket Servergraph Admin Center userRequest and tsmRequest Command Execution (CVE-2014-3915)
Multiple vulnerabilities exist in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs userRequest and tsmRequest. A remote...
Adobe ColdFusion Server invoke() Method Code Execution (CVE-2013-3350)
A remote code execution has been reported in Adobe ColdFusion server. The vulnerability is due to a bug in the invoke method. A remote attacker can exploit this issue by changing values on a page hosted on the affected server...
Novell ZENworks Configuration Management PreBoot Directory Traversal (CVE-2013-3706)
A directory traversal vulnerability has been reported in Novell ZENworks Configuration Manager. The vulnerability is due to the preboot service which supports an opcode that allows files to be downloaded through directory traversal. A remote attacker can exploit this vulnerability to disclose the...
Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073) - Ver2 (CVE-2008-4258)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...
Microsoft Word Access Violation Code Execution - Ver2 (CVE-2011-1983)
A code execution vulnerability has been reported in Microsoft Office Word. The vulnerability is due to an error in the way Microsoft Word handles objects in memory. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel Record Parsing Code Execution - Ver2 (CVE-2011-3403)
A code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to improper handling of certain records in Microsoft Excel while parsing malformed Excel files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...
Microsoft Excel Biff Record PtgName Entries Code Execution (MS10-080) - Ver2 (CVE-2010-3235)
Microsoft Excel is a popular spreadsheet application. A memory corruption vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly validate formula information upon opening a specially crafted Excel file. A remote...
Microsoft Word RTF Drawing Primitives Remote Code Execution (MS08-072) - Ver2 (CVE-2008-4028)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Wim Fleischhauer Docpile INIT_PATH Parameter PHP Code Execution - Ver2 (CVE-2006-4076)
A code execution vulnerability has been reported in Wim Fleischhauer Docpile. An attacker could exploit this vulnerability via a URL in the INITPATH parameter to lib/access.inc.php, lib/folders.inc.php, lib/init.inc.php or lib/templates.inc.php. Successful exploitation of this vulnerability could...
IBM WebSphere Application Server Cross-Site Scripting - Ver2 (CVE-2009-0855)
A cross-site scripting vulnerability has been reported in IBM WebSphere Application Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
GomPlayer wav Buffer Overflow - Ver2 (CVE-2013-5716)
A buffer overflow vulnerability has been reported in Gomlab Gom Player. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0298)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Internet Explorer Mouse Drag Hijack Arbitrary File Execution - Ver2 (CVE-2004-0841)
An arbitrary file execution vulnerability has been reported in Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute and install arbitrary programs on the affected system...
FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow (CVE-2014-1452)
A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote,unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of bsnm...
Microsoft Internet Explorer Memory Corruption (MS14-010: CVE-2014-0271)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...
PHP POST File Upload Buffer Overflow - Ver2 (CVE-2002-0081)
A buffer overflow vulnerability has been reported in PHP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
There exists a design flaw in NTP servers that can allow attackers to perform DoS attacks against target machines. A remote attacker can leverage this flaw by sending a specially crafted request to an affected NTP server...
AINS function.inc.php path Parameter PHP Code Execution - Ver2 (CVE-2007-0570)
A code execution vulnerability has been reported in Johannes Gijsbers Ad Fundum Integratable News Script AINS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Internet Explorer Null Byte Information Disclosure (MS12-010) - Ver2 (CVE-2012-0012)
An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability occurs during certain processes, in which Internet Explorer incorrectly allows attackers to view content from the process memory. A remote attacker may exploit this issue by enticing target users to...
MySQL Commander dbopen.php home Parameter PHP Code Execution - Ver2 (CVE-2007-1439)
A code execution vulnerability has been reported in bitesser MySQL Commander. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Access Memory Corruption (MS13-074; CVE-2013-3155)
A remote code execution vulnerability exists in Microsoft Access...
Microsoft Access ACCDB File Memory Corruption (MS13-074; CVE-2013-3157)
A memory corruption vulnerability has been reported in Microsoft Access...
Oracle BPEL Process Manager ScriptServlet Information Disclosure (CVE-2013-3828)
A directory traversal vulnerability has been reported in Oracle BPEL Process Manager. The vulnerability is due to insufficient input validation in ScriptServlet when processing HTTP request parameters. A remote unauthenticated attacker can leverage this vulnerability to obtain sensitive informati...
Novell ZENworks Configuration Management umaninv Information Disclosure (CVE-2013-1084)
An information disclosure vulnerability exists in Novel ZENworks Configuration Management...
BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)
BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware to the target...
Trimble Navigation SketchUp BMP File Buffer Overflow (CVE-2013-3664)
A remote code execution vulnerability exists in Trimble Navigation's Sketchup...
Microsoft Internet Explorer Memory Corruption (CVE-2013-3893)
A remote code execution vulnerability has been reported in Internet Explorer...
Microsoft Excel Memory Corruption (MS13-067; CVE-2013-1315)
A remote code execution vulnerability exists in the way that Microsoft Excel parses content in Excel files...
NTR ActiveX Control Check() Method buffer overflow (CVE-2012-0266)
A remote code execution vulnerability has been reported in the NTR ActiveX 1.1.8...
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Code Execution (CVE-2013-1559)
A remote code execution vulnerability exists in Oracle WebCenter Content...
3S Smart Software Solutions CoDeSys Gateway Server Denial Of Service (CVE-2012-4707)
A denial of service vulnerability has been reported in 3S Smart Software Solutions CoDeSys Gateway Server...
HP Intelligent Management Center IctDownloadServlet Information Disclosure (CVE-2012-5204)
An information disclosure vulnerability exists in HP Intelligent Management Center...
Internet Explorer Cache Control Heap Corruption (MS13-047; CVE-2013-3125)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Windows Print Spooler Elevation of Privilege (MS13-050; CVE-2013-1339)
An elevation of privilege vulnerability exists in Windows Print Spooler...
Microsoft Visio SVG File Information Disclosure (MS13-044) - High Confidence (CVE-2013-1301)
An information disclosure vulnerability has been reported in Microsoft Visio. The vulnerability is caused when Microsoft Visio improperly handles XML external entities that are resolved within other XML external entity declarations. An attacker who successfully exploited this vulnerability could...
Apple QuickTime ActiveX Control Clear Method Use After Free - Improved Performance (CVE-2012-3754)
A use-after-free vulnerability has been reported in Apple QuickTime's ActiveX control. The vulnerability is due to an error while handling a certain method. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted web page using Internet Explorer...