13538 matches found
FreeBSD NFS Server Denial of Service (CVE-2018-17158; CVE-2018-17157; CVE-2018-17159)
A denial-of-service vulnerability exists in the NFS Server component. The vulnerability is due to improper handling of various NFS requests within function. Successful exploitation could exhaust all available memory, resulting in denial-of-service conditions...
Microsoft Windows Codecs Library Information Disclosure (CVE-2018-8506)
An information disclosure vulnerability exists in Windows Codecs Library. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted image file. Successful exploitation could result in the...
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2019-1214)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1256)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress MapSVG Lite Plugin Cross Site Request Forgery (CVE-2019-1000003)
A cross site request forgery vulnerability exists in WordPress MapSVG Lite plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the effected system...
DSLR Cameras PTP/IP Multiple Buffer Overflow Vulnerabilities (CVE-2019-5994; CVE-2019-5999; CVE-2019-6000)
Multiple buffer overflow vulnerabilities exist in DSLR cameras. A remote attacker can exploit this vulnerability by sending specially crafted PTP/IP packets. Successful exploitation of these vulnerabilities could allow arbitrary code execution or a system crash...
Microsoft Remote Desktop Services Remote Code Execution (CVE-2019-0708)
A remote code execution vulnerability exists in Microsoft Remote Desktop Services – formerly known as Terminal Services. A remote attacker may exploit this issue by sending a sequence of specially crafted RDP packets to an affected system. Successful exploitation of this vulnerability could allow...
Microsoft Browser Memory Corruption (CVE-2019-0940)
A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cisco IOS SNMP Remote Code Execution (CVE-2017-6736)
A remote code execution vulnerability exists in Cisco IOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Use After Free (APSB19-17: CVE-2019-7088)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Graphics Components Remote Code Execution (CVE-2019-0822)
A remote code execution vulnerability exists in Microsoft Microsoft Graphics Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Information Disclosure (CVE-2019-0814)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Adobe Acrobat and Reader Out-of-Bounds Read (APSB19-17: CVE-2019-7116)
An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
LAquis SCADA Web Server PAGINA Command Injection (CVE-2018-18992)
A command injection vulnerability exists in SCADA. The vulnerability is due to improper handling of specific PAGINA parameter submitted in requests. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0769)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0591)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0593)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Information Disclosure (CVE-2019-0676)
An information disclosure vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
IDenticard PremiSys Default Database Credentials (CVE-2019-3909)
Default database username and password exist in the IDenticard PremiSys database . The vulnerability is due to users are unable to change these passwords without vendor intervention. A remote attacker can exploit this vulnerability to access the database with administrator privileges...
Microsoft Windows Kernel Information Disclosure (CVE-2018-8408)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
phpMyAdmin index.php Local File Inclusion (CVE-2018-12613)
A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of the request URI. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to information...
Microsoft MS XML Remote Code Execution (CVE-2018-8420)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Security Feature Bypass (CVE-2018-8470)
A security feature bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the mixed content warning security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected versi...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8266)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Intelligent Management Center dbman BackupZipFile Command Injection - Ver2 (CVE-2017-5820)
A command injection vulnerability exist in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling BackupZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...
WS-FTP Command Execution (CVE-2004-1885) - Ver2
A command execution vulnerability exists in WS-FTP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WS-FTP Denial-of-service (CVE-2004-1848) - Ver2
A denial-of-service vulnerability exists in WS-FTP. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Internet Explorer Memory Corruption (CVE-2018-8249)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess SCADA gmicons.asp picfile Arbitrary File Upload (CVE-2017-16736)
An arbitrary file upload vulnerability exists in Advantech WebAccess SCADA software. The vulnerability is due to insufficient input validation of the picfile parameter within gmicons.asp...
Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure (CVE-2018-1308)
An XML external entity expansion vulnerability has been reported in Apache Solr. The vulnerability is due to improper handling of XML external entities in XML content submitted to the DataImportHandler. A remote attacker can exploit this vulnerability by submitting a crafted request to the target...
HPE Operations Orchestration backwards-compatibility beanutils Insecure Deserialization (CVE-2017-8994)
An insecure deserialization vulnerability exists in HPE Operations Orchestration. The vulnerability is due to the incomplete fix for deserialization of untrusted data in backwards-compatibility servlets...
HPE Intelligent Management Center Arbitrary File Upload (CVE-2017-8961) - Ver2
A directory traversal vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0988)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0993)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel Remote Code Execution (CVE-2018-1011)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel Remote Code Execution (CVE-2018-1029)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Out-of-bounds read (APSB18-02: CVE-2018-4883)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow (CVE-2017-5112)
A heap buffer overflow vulnerability exists in the WebGL component of Google Chrome. This vulnerability is due to a missing bounds check after calculating a user-controlled offset into a heap buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously craft...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16404)
A Out-of-bounds Read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the computation that writes data past the end of the intended buffer. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code...
Microsoft Win32k Elevation of Privilege (CVE-2017-8689)
An elevation of privilege vulnerability exists in Windows Kernel-Mode Driver. The vulnerability is due to an error in the way Microsoft Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kern...
Microsoft Office WordPerfect Document Converter Heap-based Buffer Overflow (CVE-2017-8744)
A heap-based buffer overflow vulnerability exist in WordPerfect Document Converter component of Microsoft Office. The vulnerability is due to improper validation of the document data prior to copying it to a heap-based buffer. A remote attacker could exploit the vulnerability by enticing a victim...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8657)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Phamm helpers.php Cross-Site Scripting (CVE-2017-0378)
A reflected cross-site scripting vulnerability exists in Phamm. The vulnerability is due to insufficient validation of user-supplied input within views/helpers.php. A remote, unauthenticated attacker could exploit this vulnerability by enticing an user to click a maliciously crafted link or open ...
Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal (CVE-2017-9812)
A directory traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability is due to a lack of proper validation of a user-supplied path when a request is sent to check the status of a report. A remote, authenticated attacker can exploit this vulnerability by...
HPE Intelligent Management Center dbman BackupZipFile Command Injection (CVE-2017-5820)
A command injection vulnerability exist in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling BackupZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...
IBM Domino IMAP Mailbox Name Stack Buffer Overflow (CVE-2017-1274)
A stack buffer overflow vulnerability exist in IBM Domino IMAP Server. The vulnerability is due to incorrect processing of encoded mailbox name arguments in IMAP commands. A remote, authenticated attacker can exploit this vulnerability to cause a buffer overflow...
Foxit PDF Reader JBIG2 Symbol Dictionary Out of Bounds Read (CVE-2016-8334)
An out-of-bounds vulnerability has been reported in the JBIG2 component of Foxit PDF Reader. This vulnerability is due to improper processing of Symbol Dictionary segment in an embedded JBIG2 image. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious...
Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)
A directory traversal vulnerability has been reported in Oracle Fusion Middleware MapViewer. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploaderServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HT...
Microsoft Windows COM Elevation of Privilege (CVE-2017-0214)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way Windows validate input before loading type libraries. A remote attacker can exploit this vulnerability to execute arbitrary code...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)
A Use-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates the assignment of dynamic-array variables. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...