13538 matches found
VS News System show_news_inc.php newsordner Parameter PHP Code Execution - Ver2 (CVE-2007-1017)
A code execution vulnerability has been reported in Virtualsystem Vs-news-system. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Word RTF Object Parsing Memory Corruption (MS08-072) - Ver2 (CVE-2008-4030)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Colloquy IRC Channel Invite Format String Denial of Service - Ver2 (CVE-2007-0344)
A denial-of-service vulnerability has been reported in Colloquy. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)
A command-injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user-supplied input when processing database backup commands from the Web UI. A remote, authenticated attacker could exploit this vulnerability by...
InduSoft Web Studio Unauthenticated Insecure Remote Operations Code Execution - Ver2 (CVE-2011-4051)
A code execution vulnerability has been reported in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to the absence of authentication for incoming requests to the Remote Agent service. An attacker could exploit this vulnerability by sending crafted requests to the...
Microsoft Excel RealTimeData Record Heap Corruption (MS10-038) - Ver2 (CVE-2010-1247)
Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...
Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the moddeflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)
A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...
Mac OS X Safari Archive Metadata Command Execution - Ver2 (CVE-2006-0397)
A command execution vulnerability has been reported in Apple Mac OS X and Apple Mac OS X Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Agent ACF File Handling Memory Corruption (MS06-068) - Ver2 (CVE-2006-3445)
A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. . The vulnerability is due to a memory corruption error in the...
Internet Explorer 70 Beta 2 BGSOUND DoS - Ver2 (CVE-2006-0544)
A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6369)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
RomPager Authorization Buffer Overflow Denial of Service (CVE-2014-9223)
A buffer overflow vulnerability exist in RomPager Web Server. A remote attacker could exploit this vulnerability by sending a crafted request to the vulnerable server causing a denial of service...
Advantech WebAccess SCADA webeye.ocx ip_address Parameter Buffer Overflow (CVE-2014-8388)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ipaddress parameter contained in the webeye.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...
Microsoft Windows Schannel Remote Code Execution (MS14-066; CVE-2014-6321)
A remote code execution vulnerability has been reported in Secure Channel Schannel security package. The vulnerability is caused when Schannel in a server system improperly processes specially crafted packets. An attacker could attempt to exploit this vulnerability by sending specially crafted...
Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6343; CVE-2015-1662)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Joomla Component com_liveticker SQL Injection (CVE-2008-6148)
An SQL injection vulnerability has been reported in Raven-worx Liveticker. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Kodak Image Viewer Code Execution (MS07-055) - ver 2 (CVE-2007-2217)
A buffer overflow vulnerability has been reported in Microsoft Windows Kodak Image Viewer. The vulnerability is due to improper parsing of specially crafted image files, such as TIFF files. An attacker can exploit this vulnerability by constructing a specially crafted image and enticing a victim ...
Sixnet Sixview Web Console Directory Traversal (CVE-2014-2976)
Sixnet Sixview contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input. With a specially crafted request, a remote attacker can gain access to arbitrary files...
CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)
A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...
Oracle Data Quality FileChooserDlg onChangeDirectory Untrusted Pointer Dereference (CVE-2014-2418)
A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscTools.FileChooserDlg ActiveX control. A remote attacker can exploit this vulnerability by enticing a user ...
Oracle Data Quality DscXB onloadstatechange Untrusted Pointer Dereference (CVE-2014-2417)
A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscXB.XB ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a...
Microsoft Office Chinese Grammar Checker Insecure Library Loading (MS14-023; CVE-2014-1756)
An insecure library loading vulnerability has been reported in Microsoft Office proofing tools. The vulnerability is due to the way that the Chinese Simplified Grammar Checker component handles the loading of dynamic-link library .dll files. A remote attacker could exploit this vulnerability by...
Microsoft Office Excel Label Record Buffer Overflow (MS11-021) - Ver2 (CVE-2011-0098)
A code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to a flaw in the parsing of Label record in Excel documents, causing a buffer overflow. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file. In ...
Microsoft Excel Corrupted Table Records Code Execution (MS10-080) - Ver2 (CVE-2010-3232)
Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. A memory corruption vulnerability has been identified in Microsoft...
Microsoft Word UPX Data Stack Validation Buffer Overflow - Ver2 (CVE-2010-3214)
A memory corruption vulnerability has been reported in Microsoft Office Word. The vulnerability is due to an error in Microsoft Word that fails to properly validate UPX structures within specially crafted Word files. Successful exploitation of this vulnerability could allow a remote attacker to...
RealNetworks RealPlayer SWF Frame Handling Buffer Overflow - ver 2 (CVE-2007-5400)
There exists a heap buffer overflow vulnerability in the RealNetworks RealPlayer product. The vulnerability is due to a design error within the handling of frames in Shockwave Flash SWF files. A remote attacker can exploit this vulnerability to create a heap overflow condition in the target...
Novell ZENworks Asset Management File Upload Directory Traversal - Ver2 (CVE-2010-4229)
A directory traversal vulnerability has been reported in Novell ZENworks. The vulnerability is due to improper handling of path names when uploading files via ZENworks Asset Management. Successful exploitation of this vulnerability would allow a remote attacker to list directories, create arbitra...
Microsoft GDI+ WMF Integer Overflow (MS09-062) - Ver2 (CVE-2009-2500)
The Microsoft Windows graphics device interface GDI enables applications to use graphics and formatted text on the video display and on the printer.Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0304)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
CCRP Control BrowseDialog Denial of Service - Ver2 (CVE-2007-0371)
A denial-of-service vulnerability has been reported in Common Controls Replacement Project Browsedialog Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
WordPress Backdoor iz Parameter Passthru (CVE-2007-1277)
A command execution vulnerability has been reported in WordPress. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft OpenType Font Index Privilege Escalation - Ver2 (CVE-2010-3956)
A privilege escalation vulnerability has been reported in the OpenType Font OTF format driver. The vulnerability is due to an error in the OpenType Font OTF format driver that fails to properly index an array when parsing OpenType fonts. A remote attacker could exploit this vulnerability via a...
CA BrightStor Arcserve Media Server Stack Buffer Overflow - Ver2 (CVE-2007-2139)
A buffer overflow vulnerability has been reported in CA BrightStor ARCserve Media Server. The vulnerability is due to insufficient boundary checking when processing crafted strings supplied in SUN RPC requests. Successful exploitation of this vulnerability could allow a remote attacker to execute...
Microsoft IIS ASP Handling Code Execution (MS08-006) - Ver2 (CVE-2008-0075)
Microsoft Internet Information Services IIS is a multi-featured server product that ships with all versions of Microsoft. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of dynamic content, notably in the form...
Mac OS X Safari x-man-page URI Terminal Escape Command Execution - Ver2 (CVE-2005-1342)
A command execution vulnerability has been reported in Apple Mac OS X. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
NTR ActiveX Control StopModule() Remote Code Execution (CVE-2012-0267)
A remote code execution vulnerability has been reported in the NTR ActiveX 1.1.8...
Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193)
A remote code execution vulnerability has been reported in Internet Explorer...
Trimble Navigation SketchUp PICT File Buffer Overflow - Improved Performance (CVE-2013-3664)
A remote code execution vulnerability has been reported in Trimble SketchUp. The vulnerability is due to a stack buffer overflow while processing PICT files which contain a malicious number of ARGB entries. A remote attacker can exploit this vulnerability by enticing a target user to open a...
FreeBSD NFS Server READDIR Request Memory Corruption (CVE-2013-3266)
A memory corruption vulnerability has been reported in nfsrvdreaddir function in FreeBSD NFS server. The vulnerability is due to insufficient sanitation of READDIR requests and can result in the underlying filesystem to interpret a file as a directory. A remote attacker can exploit this...
Microsoft Internet Explorer Deleted HTML Object Code Execution (MS13-055; CVE-2013-3164)
A remote code execution vulnerability has been reported in Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3115)
A use after free vulnerability has been reported in Microsoft Internet Explorer...
Novell GroupWise Client ActiveX gwabdlg.dll Untrusted Pointer Dereference (CVE-2013-0804)
An untrusted pointer dereference vulnerability has been reported in Novell GroupWise Client for Windows...
Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow (CVE-2013-2685)
A buffer overflow vulnerability exists in Asterisk Open Source...
Apple QuickTime Plugin Content-Type Buffer Overflow - Improved Performance (CVE-2012-3753)
A stack buffer overflow vulnerability has been reported in Apple QuickTime plugin. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by enticing the target user to view a specially crafted web page. Successful exploitation would allow...
EMC NetWorker nsrindexd RPC Service Buffer Overflow (CVE-2012-4607)
A buffer overflow vulnerability has been reported in EMC NetWorker. The vulnerability is due to a boundary error when processing crafted RPC requests. A remote unauthenticated attacker could trigger this flaw by sending a crafted RPC request to the server...
Internet Explorer CTreeNode Use After Free Remote Code Execution (MS13-021; CVE-2013-1288)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Symantec Gateway Products DNS Cache Poisoning - High Confidence (CVE-2005-0817)
The Symantec Firewall has a DNS proxy service, DNSD.exe, that acts as a proxy and cache server for the DNS requests generated by internal systems...
Postfix IPv6 Relaying Security Issue (CVE-2005-0337)
There is a vulnerability in the way Postfix handles the relaying of e-mail messages A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6addresses...
Internet Explorer VML Objects Memory Corruption (MS13-009; CVE-2013-0030)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VML buffers are allocated. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially crafted web page. An attacke...