13538 matches found
Microsoft Win32k Elevation of Privilege (CVE-2019-1408)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SharePoint Remote Code Execution (CVE-2019-1257)
A remote code execution vulnerability exists in Microsoft Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Integer Overflow (APSB19-41: CVE-2019-8101)
An integer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Palo Alto Networks GlobalProtect SSL VPN Remote Code Execution (CVE-2019-1579)
A Remote Code Execution vulnerability exists in Palo Alto Networks GlobalProtect SSL VPN Gateway. An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a vulnerable SSL VPN target. Successful exploitation of this vulnerability would allow remote...
Microsoft Windows Kernel Elevation of Privilege (CVE-2019-1041)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Elevation of Privilege (CVE-2019-1053)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-1005)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Storage Service Elevation of Privilege (CVE-2019-0931)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2019-0884)
A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Use After Free (APSB19-18: CVE-2019-7761)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Kernel Information Disclosure (CVE-2019-0844)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8976)
A directory traversal vulnerability exists in HPE Moonshot Provisioning Manager Appliance. The vulnerability is due to an input validation flaw when processing parameter. Successful exploitation could result in arbitrary code execution...
Microsoft Windows Data Sharing Service Elevation of Privilege (CVE-2019-0573)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockwell Automation Allen-Bradley PowerMonitor 1000 Cross-Site Scripting (CVE-2018-19615)
A XSS injection vulnerability exists in Rockwell Automation Allen-Bradley PowerMonitor login page. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...
Trend Micro Control Manager GetProductCategory SQL Injection (CVE-2018-3602)
An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input HTTP parameter...
NUUO NVRMini2 Remote Code Execution (CVE-2018-1149)
A buffer overflow vulnerability exists in the HTTP interface of NUUO's NVRMini2 Network Video Recording systems. A remote unauthenticated attacker may use this vulnerability to execute arbitrary code on the vulnerable server...
Microsoft Win32k Elevation of Privilege (CVE-2018-8282)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache HTTP Server Token Out Of Bounds Read (CVE-2017-5797) - Ver2
A out of bounds read vulnerability exists in Apache HTTP Server. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Microsoft Excel Remote Code Execution (CVE-2018-8248)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2018-8164)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft DirectX Graphics Kernel Elevation of Privilege (CVE-2018-8165)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows DNSAPI NSEC3 Heap-based Buffer Overflow (CVE-2017-11779) - Ver2
A heap-based buffer overflow vulnerability exists in the DNSAPI component of Microsoft Windows. The vulnerability is due to insufficient validation of certain components of NSEC3 records. A remote attacker could exploit this vulnerability by sending a malicious DNS response directly to the target...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-1001)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0990)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Email Subscribers Newsletters Plugin Information Disclosure (CVE-2018-6015)
An Information Disclosure vulnerability exists in WordPress Email Subscribers & Newsletters plugin. Successful exploitation of this vulnerability would allow a remote attacker to the download the entire e-mail subscriber list from affected system...
Adobe Acrobat and Reader Heap Overflow (APSB18-02: CVE-2018-4910)
A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Scripting Engine Memory Corruption (CVE-2018-0858)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Remote Code Execution (CVE-2018-0842)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0134)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Edge DoLoopBodyStart Out of Bounds Read (CVE-2017-11811)
An out-of-bounds read vulnerability exists in Microsoft Edge. The vulnerability is due to improper handling of objects in memory...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11800)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows GDI Information Disclosure (CVE-2017-0190)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device InterfaceGDIhandles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11260)
A memory corruption vulnerability exists in Adobe Acrobat And Reader. The vulnerability is due to an error in the image conversion engine when processing Enhanced Metafile Format EMF private data. A remote attacker may exploit this vulnerability by using the out of bounds access for unintended...
HPE Intelligent Management Center dbman FileTrans Arbitrary File Write (CVE-2017-5822)
An arbitrary file write vulnerability has been reported in the dbman component of HPE Intelligent Management Center. The vulnerability is due to lack of authentication on FileTrans commands, used to transfer files to the host running dbman. A remote, unauthenticated attacker can exploit the...
HPE Network Automation PermissionFilter Authentication Bypass (CVE-2017-5812)
An authentication bypass vulnerability has been reported in HPE Network Automation. The vulnerability is due to errors in handling specific strings contained in the request URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
Microsoft Edge asm.js Type Confusion (CVE-2017-0093)
A type confusion vulnerability has been reported in Microsoft Edge Scripting Engine. The vulnerability is due to improper parsing of eval function arguments when it accesses an asm.js function. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0088)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7213)
A use-after-free vulnerability exists in Microsoft Office. This vulnerability could be triggered by a corrupted Excel file. Successful exploitation of this issue could grant an attacker remote code execution...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7232)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7203)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Graphics Component Remote Code Execution (MS16-120; CVE-2016-3393)
A remote code execution vulnerability has been reported in Microsoft Windows Graphics Component. The vulnerability is due to the improper handling of objects in the memory.A remote attackers could exploit this vulnerability by enticing users to view a specially crafted web page, or a document fil...
Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...
Microsoft Edge Memory Corruption (MS2016-08: CVE-2016-3294)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Windows Elevation of Privilege (MS16-111: CVE-2016-3306)
An elevation of privilege vulnerability exists in Microsoft Windows Server. The vulnerability is caused when Microsoft Windows fails to handle executable programs being ran by two users. A remote attacker can exploit this issue by enticing a victim to run a specially crafted file...
Symantec Integer Overflow in TNEF decoder (CVE-2016-3645)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...
Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)
A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...
Apache Struts XSLTResult File Inclusion (CVE-2016-3082)
A file inclusion vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to a failure to validate user's input when stylesheet is being passed as a request parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...
Microsoft Edge Memory Corruption (MS16-052: CVE-2016-0191)
A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to a use of uninitialized pointer. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would...
Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0164)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web pa...
Unitronics UniDownloader and VisiLogic OPLC IDE IPWorksSSL.HTTPS Memory Corruption (CVE-2015-7905)
A memory corruption vulnerability exists in Unitronics, VisiLogic OPLC IDE and UniDownloader. The vulnerability is due to untrusted pointer dereference on the SSLCertHandle parameter of the IPWorksSSL.HTTPS ActiveX control. A remote attacker could exploit this vulnerability by enticing a vulnerab...