13538 matches found
Microsoft .NET Remote Code Execution (CVE-2017-0160)
A Remote Code Execution vulnerability exists in the Microsoft .Net Framework. The vulnerability happend when Microsoft .NET Framework fails to properly validate input before loading libraries. A remote attacker could exploit this vulnerability by sending specially crafted data to the target serve...
Microsoft Windows Graphics Elevation of Privilege (CVE-2017-0155)
An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafte...
Microsoft Edge Scripting Engine Information Disclosure (CVE-2017-0208)
An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...
Adobe Flash Player Use After Free Code Execution (APSB17-10: CVE-2017-3058)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Terror Exploit Kit
Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...
Cain And Abel RDP File Stack Buffer Overflow (CVE-2008-5405)
A stack-based buffer overflow exists in Oxid Cain and Abel. The vulnerability is due to insufficient bounds checking on a RDP file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted RDP file. Successful exploitation could allow administrator acces...
Quagga VTY Interface Denial of Service (CVE-2017-5495)
A denial-of-service vulnerability has been discovered in Quagga. The vulnerability is due to an input validation error in the Quagga VTY service. A remote attacker can exploit this vulnerability by sending data without a newline character to a Quagga daemon's VTY interface...
KaiXin Exploit Kit
KaiXin exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with KaiXin exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...
Neptune Exploit Kit
Neptune exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Neptune exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution...
Suspicious Decimal IP Redirect
Many exploit kits, when connecting to HTTP servers for malware download, use a non-dotted decimal IP literal as the server name. Using such notation may be indicative of malware download...
Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)
An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the UnicastRef class in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted...
Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)
A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful...
Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2971)
A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to heap overflow vulnerability in the JPEG decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG file...
HT-MP3Player 1.0 HT3 File Parsing Buffer Overflow (CVE-2009-2485)
A buffer overflow vulnerability exists in HT-MP3Player 1.0. The vulnerability exists because the affected software fails to perform sufficient boundary checks on user-supplied input when processing .ht3 files. A successful exploitation could lead to execution of arbitrary code on the targeted...
HTTP Protocol Remote Code Execution
A remote code execution vulnerability exists in HTTP protocol. By sending a request containing a specially crafted EXE file, a remote attacker can exploit this vulnerability in order to execute arbitrary code on the effected system...
Trend Micro Control Manager Widget importFile.php Directory Traversal
A directory traversal vulnerability has been reported in Trend Micro Control Manager. This vulnerability is caused by improper sanitization of directory traversal characters by importFile php. A remote, unauthenticated attacker could exploit this vulnerability by uploading arbitrary files onto th...
Microsoft Windows iSNS Server Memory Corruption (MS17-012: CVE-2017-0104)
A memory corruption vulnerability exist in Windows iSNS Server. The vulnerability is due to incorrect input validation of malformed attribute in iSNS packet. A remote attacker can exploit this vulnerability to execute arbitrary code on the server...
Maple Maplet File Creation and Command Execution
A command execution vulnerability exists in Maplesoft Maple. The vulnerability is due to insufficient security settings in the application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the application...
DJ Studio Pro PLS File Stack Buffer Overflow (CVE-2009-4656)
A stack buffer overflow vulnerability exists in DJ Studio Pro. The vulnerability is due to insufficient bounds checking on a PLS file. A successful exploitation could lead to arbitrary code execution in the security context of the target user...
OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service (CVE-2017-3733)
A denial of service vulnerability has been reported in OpenSSL. This vulnerability is due to improper handling of the Encrypt-Then-Mac extension during renegotiation. A remote attacker could exploit this vulnerability in an OpenSSL client or server application by sending crafted packets during...
McAfee ePolicy Orchestrator DataChannel GUID SQL Injection (CVE-2016-8027)
An SQL injection vulnerability exists in McAfee ePolicy Orchestrator. The vulnerability is due to insufficient input validation on the GUID parameter. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the affected server. Successful...
Winamp Maki File Buffer Overflow (CVE-2009-1831)
A buffer overflow vulnerability has been reported in Nullsoft Winamp. The vulnerability is due to an incorrect type cast while parsing a .maki file, causing a buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...
gAlan 0.2.1 Buffer Overflow
A stack buffer overflow vulnerability exists in gAlan 0.2.1. The vulnerability is due to inadequate boundary checks on user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the application...
VariCAD DWB File Stack Buffer Overflow
A stack buffer overflow vulnerability exists in VariCAD 2010. The vulnerability is due to insufficient bounds checking on a DWB file. A successful exploitation could lead to arbitrary code execution in the security context of the target user...
Real Networks NetZip Classic Buffer Overflow
A buffer overflow vulnerability exists in Real Networks Netzip Classic. The vulnerability is due to improper boundary check error while handling ZIP files. A remote attacker can exploit this vulnerability to execute an arbitrary code on the victim's computer...
dotCMS H2 Database CategoriesServlet inode SQL Injection
An SQL injection vulnerability has been reported in dotCMS H2 Database. The vulnerability is due to insufficient validation of the inode parameter in HTTP request sent to the getCreateSortChildren function. A remote attacker could exploit this vulnerability by sending a malicious HTTP request to...
Brocade Network Advisor FileReceiveServlet filename Directory Traversal (CVE-2016-8204)
A directory traversal vulnerability exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation in the FileReceiveServlet servlet when processing HTTP multipart form requests. A remote, unauthenticated attacker can exploit this...
AVTECH Devices Multiple Vulnerabilities (CVE-2013-4980; CVE-2013-4981; CVE-2013-4982)
Multiple vulnerabilities exist in AVTECH devices. An attacker could exploit this vulnerability via direct requests. Successful exploitation of this vulnerability could allow a remote attacker to gain access to the devices...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...
Repetitive MySQL Login Failures
An attacker may attempt to gain access to MySQL server accounts by repeatedly trying to log in using various passwords, eventually finding the correct one, a technique known as "Brute Force". Successful exploitation may result in an unauthorized access to a MySQL server...
Microsoft Internet Explorer Information Disclosure (MS17-006: CVE-2017-0059)
Information disclosure vulnerabilities exists in Microsoft Internet Explorer. This vulnerability is due to improper handling of objects in memory. A successful exploitation could result in an out-of-bounds read and access to private user data...
CakePHP Cache Corruption Code Execution (CVE-2010-4335)
A remote code execution vulnerability exists in CakePHP. The vulnerability is due to the way the security component of CakePHP fails to validate user input. A remote attacker can exploit this issue by sending a specially crafted HTTP request...
Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0149)
An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Internet Explorer Elevation of Privilege (MS17-006: CVE-2017-0154)
An elevation of privilege vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Scripting Engine Information Disclosure (MS17-006: CVE-2017-0049)
An information disclosure vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0086)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0133)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0034)
A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that wou...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0083)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0026)
An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...
Microsoft Windows Uniscribe Information Disclosure (MS17-011: CVE-2017-0121)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0020)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0131)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an out of bounds read when Microsoft Edge improperly accesses objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft XML Core Services Information Disclosure (MS17-022: CVE-2017-0022)
An information vulnerability exists in Microsoft XML Core Services MSXML. The vulnerability is caused when MSXML improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0072)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Office Information Disclosure (MS17-014: CVE-2017-0105)
An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Windows GDI+ Information Disclosure (MS17-013; CVE-2017-0060; CVE-2017-0062)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0025)
An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0066)
Security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...
Microsoft Windows GDI+ Information Disclosure (MS17-013: CVE-2017-0073)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...