13538 matches found
Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)
A remote code execution vulnerability has been reported in ForemanRed Hat OpenStack. The vulnerability is due to improper sanitization of certain parameters. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation would allow an...
Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)
A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...
Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)
A buffer overflow vulnerability exists in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability may lead to memory corruption in such a way that will allow code execution in the context of the current user...
Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution (MS06-037; CVE-2006-1308)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
Microsoft Excel Malformed Range Code Execution (MS06-012; CVE-2005-4131)
Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...
Update Protection against UltraVNC VNCViewer Authenticate Buffer Overflow
A buffer overflow vulnerability was reported in multiple Virtual Network Computing VNC based applications. Virtual Network Computing VNC is a graphical desktop sharing technology desigend to remotely control another computer. The flaw is due to improper validation of length value in network...
Microsoft Visual Basic ActiveX Controls Remote Code Execution (MS08-070; CVE-2008-3704; CVE-2008-4252; CVE-2008-4253; CVE-2008-4254; CVE-2008-4255; CVE-2008-4256)
Visual Basic is an event-driven programming language that was created by Microsoft for building stand alone Windows-based programs. Developers can use it for quickly building GUI applications. Several remote code execution vulnerabilities have been reported in Microsoft Visual Basic: CVE-2008-425...
Office Files (CVE-2006-1308; CVE-2006-1540; CVE-2006-3431; CVE-2007-0934; CVE-2007-0936)
...
GE MDS PulseNET XML External Entity Expansion (CVE-2018-10613)
An XML external entity expansion vulnerability exists in GE MDS PulseNET. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)
A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Veeam Backup and Replication Authentication Bypass (CVE-2022-26501)
An authentication bypass vulnerability exists in Veeam Backup and Replication. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Microsoft Windows Parse Server Prototype Pollution (CVE-2022-24760)
A prototype pollution vulnerability exists in Microsoft Windows Parse Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle MySQL Cluster Buffer Overflow (CVE-2022-21279)
A buffer overflow vulnerability exists in Oracle MySQL. The vulnerability exists in the MySQL NDB Cluster component...
WordPress WooCommerce Gutenberg Blocks Plugin SQL Injection (CVE-2021-32789)
An SQL injection vulnerability exists in WordPress WooCommerce Gutenberg Blocks Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
WordPress Asgaros Forum Plugin SQL Injection (CVE-2021-24827)
An SQL injection vulnerability exists in WordPress Asgaros Forum plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
UDP Technology IP Camera Command Injection (CVE-2021-33544)
A command injection vulnerability exists in UDP Technology IP Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress BuddyPress Plugin Privilege Escalation (CVE-2021-21389)
A privilege escalation vulnerability exists in WordPress BuddyPress Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Ming-Soft MCMS SQL Injection (CVE-2020-23262)
An SQL injection vulnerability exists in Ming-Soft MCMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Web Servers Directory Traversal Attempt (CVE-2020-10631; CVE-2020-13158; CVE-2020-13886; CVE-2020-3240)
A directory traversal vulnerability exists in web servers. Successful exploitation of this vulnerability could result in information disclosure or execution of arbitrary code...
Microsoft Exchange Memory Corruption (CVE-2020-16875)
A memory corruption vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ZeroMQ libzmq Buffer Overflow (CVE-2019-13132)
A buffer overflow vulnerability exists in ZeroMQ libzmq. Successful exploitation of this vulnerability could allow the execution of arbitrary code on the target machine...
ASUSWRT LAN Backdoor Remote Command Execution (CVE-2014-9583)
A remote command execution vulnerability exists in Asuswrt. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032) - Ver2 (CVE-2004-0209)
The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...
Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)
A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...
AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)
Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...
ISPConfig Authenticated Arbitrary PHP Code Execution (CVE-2013-3629)
A code execution vulnerability has been reported in ISPConfig. The vulnerability is due to a flaw in the /content.php script that is triggered when parsing language files. An attacker could trigger this flaw via a specially crafted language file. Successful exploitation of this vulnerability coul...
Microsoft Windows Cinepak Codec Remote Code Execution (MS10-055) - Ver2 (CVE-2010-2553)
The Cinepak codec is a media encoder and decoder supported by the Windows Media Player. A remote code execution vulnerability has been reported in the way the Cinepak codec handles supported format files. The vulnerability is due to an error in the Cinepak codec that fails to properly handle...
Internet Explorer Option Element Memory Corruption (MS11-081) - Ver2 (CVE-2011-1996)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access objects that have not been initialized or have been deleted. A remote attacker could trigger this vulnerability by enticing an...
Microsoft Embedded OpenType Font Parser Directory Entry Code Execution - Ver2 (CVE-2009-2514)
A code execution vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft DirectX Crafted MJPEG Stream Handling Code Execution - Ver2 (CVE-2008-0011)
A code execution vulnerability has been reported in Microsoft DirectX application framework. The vulnerability is due to the way DirectX handles specially crafted MJPEG streams. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted ASF or AVI file,...
Cisco Prime Data Center Network Manager FileUploadServlet Arbitrary File Upload (CVE-2013-5486; CVE-2019-1620)
An arbitrary file upload vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadServlet when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to...
Nagios statuswml.cgi Command Execution (CVE-2009-2288)
An arbitrary command execution vulnerability has been reported in Nagios...
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution (CVE-2013-4983)
A command injection vulnerability has been reported in Sophos Web Protection Appliance. The vulnerability is due to sblistpack component, reachable from the web interface without authentication. An unauthenticated remote attacker could execute arbitrary OS commands on the Sophos appliance...
VMware OVF Tool Format String Vulnerability (CVE-2012-3569)
A format string vulnerability has been reported in VMware OVF Tool...
Internet Explorer Same ID Property Remote Code Execution (MS12-037; CVE-2012-1875)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object that has been deleted. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a...
7T Interactive Graphical SCADA System Arbitrary File Execution (CVE-2011-1566)
A file execution vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to execute...
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution (CVE-2010-0866; CVE-2010-0867)
Oracle Database server is an enterprise-level relational database application suite. A privilege escalation vulnerability exists in Oracle Database server that can allow users with limited privileges to execute arbitrary operating system commands on a target server. The vulnerability is due to an...
Kaseya Unitrends Backup Remote Code Execution (CVE-2017-12478)
A remote code execution vulnerability exists in Kaseya Unitrends Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Grafana Directory Traversal (CVE-2021-43798)
A directory traversal vulnerability exists in Grafana. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
F5 BIG-IP Remote Code Execution (CVE-2021-22986; CVE-2021-22987; CVE-2022-1388)
A remote code execution vulnerability exists in F5 BIG-IP devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP-Fusion downloads.php Privilege Escalation (CVE-2020-24949)
A privilege escalation vulnerability exists in PHP-Fusion. The vulnerability is due to insufficient validation of HTTP request parameters in downloads.php...
VMware Cloud Director Remote Code Execution (CVE-2020-3956)
A remote code execution vulnerability exists in VMware Cloud Director. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Horde Groupware PHP File Inclusion (CVE-2020-8866)
A file inclusion vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess Buffer Overflow (CVE-2019-13556)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within giffconv.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Jenkins Git Client Plugin Remote Code Execution (CVE-2019-10392)
A remote code execution vulnerability exists in Jenkins Git Client Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
NETGEAR DGN2200 Remote Code Execution (CVE-2017-5521; CVE-2017-6077)
A remote code execution vulnerability has been reported in NETGEAR DGN2200 routers. Successful exploitation could lead to arbitrary code execution...
Dasan GPON Router Authentication Bypass (CVE-2018-10561)
An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
VIPA Controls WinPLC7 recv Stack-based Buffer Overflow (CVE-2017-5177)
A stack-based buffer overflow exists in VIPA Controls WinPLC7. The vulnerability is due to improper validation of a length field within received TCP packet data before copying the contents to a stack-based buffer. A remote attacker could exploit this vulnerability by sending maliciously crafted...
Tuleap PHP Unserialize Code Execution (CVE-2014-8791)
This module exploits a PHP object injection vulnerability. Tuelap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...