13538 matches found
Microsoft Windows Kernel Information Disclosure (CVE-2017-0175)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...
SAP GUI regsvr32.exe Rule Security Policy Bypass (CVE-2017-6950)
A security policy bypass vulnerability has been reported in SAP GUI. The vulnerability is due to improper implementation of client side security policies regarding the Windows application regsvr32.exe. A remote attacker could exploit this vulnerability by enticing an user to connect to a maliciou...
HPE Intelligent Management Center FileUploadServlet Directory Traversal (CVE-2017-5794)
A directory traversal vulnerability exist in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploadServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HTTP request...
Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)
An arbitrary code execution vulnerability exists within Ghostscript. This vulnerability is due to the way Ghostscript parses .eps files. An attacker can manipulate a .eps file and run arbitrary commands on the victims computer...
Moodle Remote Code Execution (CVE-2017-2641)
A remote code execution vulnerability exists in Moodle. The vulnerability is due to object injection through a legacy user preferences setting. A remote attacker can exploit this vulnerability to execute PHP code at the vulnerable Moodle server...
Joomla Core HTML Attributes Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7986)
A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...
WordPress Unauthorized Password Reset (CVE-2017-8295)
An unauthorized password reset vulnerability exists in WordPress core. The vulnerability is due to WordPress using untrusted data when creating a password reset e-mail. Successful exploitation of this vulnerability could allow a remote attacker to reset user's password and gain unauthorized acces...
Joomla Core Sterilizer Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7985)
A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...
ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)
An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...
Popcorn Time Subtitles Remote Code Execution
A remote code execution vulnerability exists in Popcorn Time Subtitles mechanism. The vulnerability is due to the way PopcornTime appends subtitles to its Interface. A remote attacker can exploit this issue by uploading a malicious subtitles file to Open Subtitles. Successful exploitation could...
Kodi Open Subtitles Addon Remote Code Execution
A remote code execution vulnerability exists in Kodi OpenSubtitles Addon. The vulnerability is due to the way the addon parses the subtitles file name. A remote attacker can exploit this issue by uploading a malicious subtitles file to Open Subtitles. Successful exploitation could result in...
ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...
ALLPlayer M3U File Stack Buffer Overflow (CVE-2013-7409)
A stack buffer overflow vulnerability exists in ALLPlayer. The vulnerability is due to insufficient bounds checking on a M3U file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted M3U file. Successful exploitation could lead to arbitrary code...
HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal (CVE-2017-5795)
A directory traversal vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on the fileName parameter in FileDownloadServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HTTP...
Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow (CVE-2017-16671; CVE-2017-7617)
A buffer overflow exists in the CDR engine of Digium Asterisk. The vulnerability is due to a lack of size checking when setting the user field of a CDR. A remote, authenticated attacker can exploit this vulnerability by sending a crafted message to an affected Asterisk server...
Microsoft Edge asm.js Type Confusion (CVE-2017-0093)
A type confusion vulnerability has been reported in Microsoft Edge Scripting Engine. The vulnerability is due to improper parsing of eval function arguments when it accesses an asm.js function. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...
Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3053)
An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG...
Foxit PDF Reader Title Stack Buffer Overflow
A stack buffer overflow vulnerability has been reported in Foxit PDF Reader. The vulnerability is due to mishandling of an overly long string in the Title field. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted pdf file...
Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3051)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory in a specially crafted JPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPG file ...
Mac OSX/Dok Unauthorized Remote Access
A MacOSX malware exists in the wild. A remote attacker can send the malware via mail, and then entice the victim to execute it by means of social engineering. Activating this malware results in complete remote control over the victim's machine...
Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3050)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted Gif file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3044)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3046)
An information disclosure vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3049)
A Heap Overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file...
Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of user-supplied HTTP parameters. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system...
Adobe Acrobat and Reader Use After Free (APSB17-11: CVE-2017-3047)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3048)
A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to heap overflow vulnerability in the TIFF decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file...
HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow (CVE-2017-5789)
A heap buffer overflow vulnerability exists in HP LoadRunner and Performance Center. The vulnerability is due to insufficient validation of the length of XDR encoded string. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable...
Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3052)
An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted EMF file...
Zinf Audio Player PLS File Stack Buffer Overflow (CVE-2004-0964)
A stack buffer overflow vulnerability exists in Zinf Audio Player 2.2.1. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...
Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3037)
A memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to excessive recursive calls leading to a stack overflow. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)
A remote code execution vulnerability exist in Microsoft Remote Procedure Call RPC. The vulnerability is due to the way RPC service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execut arbitrary...
Oracle Solaris Remote Shell Code Execution (CVE-2017-3623)
A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...
Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure (CVE-2017-8225)
An information disclosure vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Adobe Reader and Acrobat Use After Free Code Execution (APSB17-11: CVE-2017-3035)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Microsoft Windows EternalBlue SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution
A code execution vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Eternalromance SMB Remote Code Execution
A remote code execution vulnerability exist in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
AOL Phobos.Playlist ActiveX Control Stack Buffer Overflow
A buffer overflow vulnerability exists in AOL 9.5. The vulnerability is due to a boundary error when handling a certain function call with an overly long value. Remote attackers can exploit this vulnerability by enticing a target user to open a specially crafted web page with an embedded code tha...
WordPress Yerlte Security Scanner
Yerlte is a vulnerability scanning product. Remote attackers can use Yerlte to detect vulnerabilities on a target WordPress server...
Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3039)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3042; CVE-2017-3054)
A Heap Overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Mini-Stream RM-MP3 Converter PLS File Stack Buffer Overflow
A stack buffer overflow vulnerability exists in Mini-Stream RM-MP3 Converter. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...
Adobe Flash Player Memory Corruption (APSB17-10: CVE-2017-3064)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB17-10: CVE-2017-3059)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Trend Micro SafeSync for Enterprise rollback Command Injection
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to the rollback end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the...
Rockwell Automation Logix Controller Stack Buffer Overflow (CVE-2016-9343)
A stack buffer overflow vulnerability exists in Rockwell Automation Logix Controllers. The vulnerability is due to insufficient bounds checking. A successful exploitation could lead to arbitrary code execution...
GnuTLS Proxy Certificate Information Extension Memory Corruption (CVE-2017-5334)
A memory corruption vulnerability has been reported in the GnuTLS library. The vulnerability is due to improper handling of the Proxy Certificate Information extension in X.509 certificates. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted X.509 certificate to a...
Weak SSL DES Cipher Suites
DES is a widely supported stream cipher often preferred by TLS servers and other servers using encrypted sessions. Recent cryptanalysis results one of which is the SWEET32 exploit biases in the DES keystroke to recover repeatedly encrypted plain-texts. As a result DES can no longer be seen as...
Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage pm page. The vulnerability is due to insufficient validation of the user-supplied parameters defining an iSCSI device to be discovered. A remote, authenticated attacker could exploit this vulnerability by...