13538 matches found
IBM Tivoli Storage Manager FastBack Server Opcode 1329 Directory Traversal (CVE-2015-1941)
A directory traversal vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1329 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port...
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6077)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Stack-based Buffer Overflow in Artegic Dana IRC Client (CVE-2008-2922)
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long IRC message...
Microsoft Internet Explorer Information Disclosure (MS15-106: CVE-2015-6059)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Bugzilla Mail Authentication Mechanism Bypass (CVE-2015-4499)
An authentication mechanism bypass vulnerability has been found in Bugzilla. Any unauthenticated remote attacker may leverage this vulnerability to gain access to database information regarding unpatched bugs, and exploit them to attack the affected pieces of software before security patches are...
Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2486)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory . A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Windows Graphics Component Denial of Service (MS15-097; CVE-2015-2510)
A denial of service vulnerability exists in Microsoft Windows Graphics Component. The vulnerability is due to an error while parsing certain files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...
Google Android Stagefright 3GPP Integer Underflow (CVE-2015-3828)
A remote code execution vulnerability, known as Stagefright Vulnerability, has been reported in Android devices core. The vulnerability is due to an integer underflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target system...
Microsoft Office Integer Underflow (MS15-081: CVE-2015-2470)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...
Microsoft Office Component Use After Free (MS15-081: CVE-2015-1642)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
Turnkey Web Tools PHP Live Helper 1.8 Remote File Inclusion (CVE-2006-1477)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Live Helper. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)
A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...
LANDesk Management Suite AMTVersion Cross-Site Scripting (CVE-2014-5360)
A cross-site scripting vulnerability exists in LANDesk Management Suite. The vulnerability is due to improper validation of a user-supplied parameter AMTVersion. A remote attacker could exploit this vulnerability by enticing a target user to view crafted web content...
Microsoft Office Graphics Image Filter WPG Heap Overflow - Ver2 (CVE-2008-3460)
A buffer overflow vulnerability has been reported in Microsoft Works, Microsoft Office Converter Pack and Microsoft Office. An attacker could exploit this vulnerability via a crafted WPG file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...
Microsoft Internet Explorer Table Layout Memory Corruption - Ver2 (CVE-2008-2258)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a memory corruption in the way Internet Explorer handles HTML tables. Remote attackers can entice target users to visit a malicious web page via a vulnerable version of the Internet...
Oracle Secure Backup Administration property_box.php Command Injection - Ver2 (CVE-2010-0899)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allows for single point of management of data present on network attached storage NAS devices and distributed hosts which may have different operating systems. The data in transit is kept secure ...
SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass (CVE-2015-2284)
A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this...
Interactive Data eSignal Listener Buffer Overflow - Ver2 (CVE-2004-1868)
eSignal is a real-time market data and support tool provided by Interactive Data Corporation. The product supplies financial market data and more for traders over the internet. To facilitate the receipt of incoming data, eSignal opens a local, listening socket on TCP Port 80. There exists a buffe...
Microsoft Internet Explorer Malformed BMP File Buffer Overrun Code Execution - Ver2 (CVE-2004-0566)
A code execution vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel Sheet Name Memory Corruption - Ver2 (CVE-2007-3490)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
Microsoft Office Component Use After Free (MS15-022: CVE-2015-0085)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
Advantech WebAccess HMI and SCADA Software CrossSite Scripting - Ver2 (CVE-2012-0233)
A cross-site scripting vulnerability has been reported in Advantech Webaccess. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow - Ver2 (CVE-2008-0660)
Facebook is a social networking website which allows its users to publish their photos. The website publishes an ActiveX control, ImageUploader4.ocx, to assist photo uploading. A buffer overflow vulnerability exists in the Facebook Photo Uploader ActiveX control. The flaw is due to a boundary err...
Novell Groupwise Addressbook Integer Overflow - Ver2 (CVE-2012-0418)
A code execution vulnerability has been reported in Novell GroupWise. The vulnerability is due to a heap buffer overflow while parsing tokens within a specially crafted Novell Address Book .nab file. A remote attacker can exploit this issue by enticing a target user to open a specially crafted .n...
Mitsubishi MCWorkX ActiveX Control File Execution Command Execution - Ver2 (CVE-2013-2817)
A command execution vulnerability has been reported in Mitsubishielectric Mc-worx Suite. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
RDesktop process_redirect_pdu BSS Overflow Buffer Overflow - Ver2 (CVE-2008-1802)
A buffer overflow vulnerability has been reported in Rdesktop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Internet Explorer 70 Beta 2 BGSOUND DoS - Ver2 (CVE-2006-0544)
A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Graphics Component Information Disclosure (MS14-085) - ver 2 (CVE-2014-6355)
An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker can exploit this vulnerability by enticing a user to download...
Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6348)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
XOOPS Module Tiny Event Remote SQL Injection (CVE-2007-1811)
An SQL injection vulnerability has been reported in Chapi Tiny Event. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_ezautos SQL Injection (CVE-2010-4929)
An SQL injection vulnerability has been reported in Joostina-cms Com Ezautos. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_mojo Remote File Include (CVE-2009-4789)
A code execution vulnerability has been reported in Mojoblog. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
XOOPS Module dictionary SQL Injection (CVE-2009-4582)
An SQL injection vulnerability has been reported in Xoops Dictionary. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_wmtpic SQL Injection (CVE-2010-4968)
An SQL injection vulnerability has been reported in Webmaster-tips Com Wmtpic. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla component com_estateagent SQL Injection (CVE-2011-4571)
An SQL injection vulnerability has been reported in Eaimproved Com Estateagent. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Internet Explorer Elevation of Privilege (MS14-056: CVE-2014-4124)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
An information disclosure vulnerability has been reported in Red Hat JBoss RESTEasy. This is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from the RESTEasy endpoint. A remote unauthenticated attacker may exploit this vulnerability on a web application powered by...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2823)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal (CVE-2014-2536)
A directory traversal vulnerability has been reported in the ExtensionAccessServlet included in McAfee Cloud Single Sign On. The vulnerability is due to insufficient input sanitization on the GET request URI passed to the ExtensionAccessServlet. A remote unauthenticated attacker can exploit this...
Microsoft Windows TCP Denial of Service (MS14-031; CVE-2014-1811)
A denial-of-service vulnerability exists in Microsoft Windows and Windows Server. The vulnerability is due to TCP/IP stack failing to properly handle crafted packets. A remote unauthenticated attacker can exploit this vulnerability by sending crafted packets to the target system...
libav LZO Integer Overflow (CVE-2014-4609)
A code execution vulnerability exists in the libav library. The vulnerability is due to an integer overflow while processing literal runs in the LZO compressed data. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted file with an...
Microsoft Internet Explorer Memory Corruption (MS14-037; CVE-2014-1765)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
ISC BIND Recursive Nameservers Prefetch Denial of Service (CVE-2014-3214)
A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to an assertion failure when processing queries involved in the prefetch feature of recursive nameservers. A remote attacker may exploit this vulnerability by sending a specially crafted query to the affecte...
Yokogawa CENTUM CS 3000 SCADA Service Buffer Overflow (CVE-2014-0783)
A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. A remote attacker can exploit this vulnerability by sending specially crafted packets...
Red Hat CloudForms Management Engine SQL Injection (CVE-2013-2050)
An SQL injection has been reported in Red Hat CloudForms Management Engine. The vulnerability is due to improper sanitization of in the "explorer" action of "miqpolicy" controller. A remote attacker can exploit this vulnerability via the profile parameter in an explorer action...
Microsoft Windows Signature Validation Remote Code Execution - Ver2 (CVE-2012-0151)
A code execution vulnerability has been reported in Windows Authenticode Signature Verification function used for portable executable PE files. The vulnerability is due to an error in the way the Authenticode Signature Verification function validates the file digest of a specially crafted PE file...
Microsoft Access ACCDB Memory Corruption - Ver2 (CVE-2013-3155)
A code execution vulnerability has been reported in Microsoft Access. The vulnerability is due to an error in the way that Microsoft Access parses ACCDB files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Ultra Crypto Component AcquireContext Buffer Overflow - Ver2 (CVE-2007-4903)
A buffer overflow vulnerability has been reported in Ultra Crypto Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Altnet Download Manager ActiveX Buffer Overflow - Ver2 (CVE-2007-5217)
A buffer overflow vulnerability has been reported in Altnet Download Manager. An attacker could exploit this vulnerability a long argument to the Install method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause...
Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1751)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...