13538 matches found
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0031)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Repetitive MySQL Login Failures
An attacker may attempt to gain access to MySQL server accounts by repeatedly trying to log in using various passwords, eventually finding the correct one, a technique known as "Brute Force". Successful exploitation may result in an unauthorized access to a MySQL server...
Microsoft Windows GDI+ Information Disclosure (MS17-013; CVE-2017-0060; CVE-2017-0062)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0072)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0090)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0071; CVE-2017-8548)
A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page...
GSM SIM Editor 5.15 Buffer Overflow
A buffer overflow vulnerability exists in GSM SIM Editor 5.15. The vulnerability is due to the way GSM SIM Editor handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file which allows an attacker to execute arbitrary...
FusionVM Security Scanner
FusionVM is a vulnerability scanning product. Remote attackers can use FusionVM to detect vulnerabilities on a target server...
Trend Micro Control Manager download.php Information Disclosure
An information disclosure vulnerability exists in Trend Micro Control Manager. The vulnerability is due to security misconfiguration which allows access to the unreferenced download.php file, which in turn allow reading of the arbitrary files...
Suspicious Metadata Mail Phishing Redirection
Mail attachment containing a malicious html file was observed as part of recent campaigns. A remote attacker could send spam e-mails including those html and redirects users to manually download malicious files...
ISC BIND Query Response Missing RRSIG Denial of Service (CVE-2016-9444)
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing a crafted response query containing certain record types without an accompanying RRSIG. A remote, unauthenticat...
Metasploit Meterpreter Reverse Payloads Remote Code Execution - ver2
A reverse shell is a type of shell in which the target machine communicates back to the attacking machine on a listener port. By remotely installing and running such a shell on the target machine, the attacker achieves remote code or command execution abilities, or may obtain sensitive informatio...
I-FTP 2.20 Schedule Buffer Overflow
A stack buffer overflow vulnerability has been reported in i-FTP 2.20. The vulnerability is due to a lack of boundary check when handling Schedule.xml file. Successful exploitation could allow arbitrary code execution in the context of the target user...
ISC BIND RRSIG Record Response Assertion Failure Denial of Service (CVE-2016-9147)
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause named service to exit with an assertion failure while processing a crafted DNS response packet containing malformed RRSIG record. A remote, unauthenticated attacker could exploit...
Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)
A remote code execution vulnerability exists in Apache Struts2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Java Applet FTP Protocol Stream Injection
A FTP protocol stream injection vulnerability has been reported in Java's Applets. The vulnerability is due to improper URL handling code. A remote attacker may exploit this issue using a specially crafted Java applet which can enable an attacker to run FTP commands on the effected system...
OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference (CVE-2017-3730)
A NULL pointer dereference vulnerability exists in OpenSSL. This vulnerability is due to the way crafted DHE and ECDHE parameters are handled by an OpenSSL client application during TLS handshake. A remote attacker could exploit this vulnerability in an OpenSSL client application, by sending...
Microsoft Browser Memory Corruption (MS17-006: CVE-2017-0037)
A type confusion vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user ...
Brocade Network Advisor DashboardFileReceiveServlet filename Directory Traversal (CVE-2016-8205)
A directory traversal vulnerabilities exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation in the DashboardFileReceiveServlet servlet of dashboard-fileupload. war when processing HTTP multipart form requests. A remote,...
OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow (CVE-2017-3731)
Integer overflow vulnerability has exists in OpenSSL. The vulnerability is due to improper handling of truncated blocks in 32-bit versions of OpenSSL. Successful exploitation could lead to denial of service conditions on the affected service...
Trend Micro Control Manager importFile.php Directory Traversal
A directory traversal vulnerability has been reported in Trend Micro Control Manager. This vulnerability is caused by improper sanitization of directory traversal characters.. by importFile.php. A remote attacker could exploit this vulnerability by uploading arbitrary files onto the vulnerable...
Brocade Network Advisor Directory Traversal (CVE-2016-8206; CVE-2016-8207)
A directory traversal vulnerability exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a request with a crafted URL to t...
Tarantool xrow_header_decode Out of Bounds Read (CVE-2016-9037)
An Out of Bounds read vulnerability has been reported in the xrowheaderdecode function of Tarantool. This vulnerability is due to incorrect handling of objects in memory when trying to determine the type of a key. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Fatek Automation PLC WinProladder Stack Buffer Overflow (CVE-2016-8377)
A stack-based buffer overflow exists in Fatek Automation PLC WinProladder. The vulnerability is due to improper validation of user supplied data before copying to a stack-based buffer. A remote attacker could exploit this vulnerability by sending a crafted pdw file over a network to the vulnerabl...
PHP zend_hash_destroy Uninitialized Pointer Code Execution (CVE-2017-5340)
An access-of-uninitialized-pointer vulnerability exists in PHP. A remote attacker can exploit this vulnerability by sending crafted serialized data to an affected PHP application. Successful exploitation could result in arbitrary code execution under the context of the target application...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution (CVE-2014-7205)
An un-authenticated code injection vulnerability exists in the Bassmaster Nodejs plugin for Hapi. The vulnerability is due to improper input validation within the batch endpoint. Successful exploitation could allow an attacker to execute arbitrary code...
Adobe Digital Editions Epub XXE Information Disclosure (CVE-2016-7889)
An XML external entity processing vulnerability exists in the XML parsing component of Adobe Digital Editions. The vulnerability is due to a lack of validation on user-supplied input when parsing the XML in Epub documents. A remote attacker could exploit this vulnerability by enticing a user to...
HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)
An insecure deserialization vulnerability has been reported in HPE Operations Orchestration. The vulnerability is due to the deserialization of untrusted data in several servlets used for backwards compatibility with older API versions. A remote, unauthenticated attacker can exploit this...
Oracle OIT PDF Parser Code Execution (CVE-2017-3271)
An arbitrary write vulnerability exists in the PDF parser functionality of Oracle Outside In Technology SDK. A specially crafted PDF document can cause a parser confusion resulting in an arbitrary write vulnerability ultimately leading to code execution...
Piwik Superuser Unauthorized File Upload
A file upload vulnerability exists in Piwik. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Magento RSS Brute Force Attempt
A remote attacker can attempt to obtain login credentials to the built-in RSS feed functionality of the Magento platform using brute force. Successful exploitation would allow an attacker to obtain unauthorized access to the Magento Admin login...
Suspected Ransomware Dropzone
A remote attacker could send spam e-mails including a downloader and manipulate users to manually enable them. This would allow the malicious code to run and infect the target system. This behavior has been used, among others, by ransomwares such as BadRabbit...
Microsoft Windows Graphics Component Information Disclosure (MS17-013: CVE-2017-0038)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows GDI component improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Suspicious Malvertising Redirection
Campaigns of malvertising, redirecting to malicious web pages, have been identified. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...
F5 Big-IP TLS Information Disclosure (Ticketbleed; CVE-2016-9244)
An information disclosure vulnerability has been reported in F5 Big-IP TLS products. An attacker can leverage this vulnerability to disclose memory contents of a connected server...
SafeNet SoftRemote GROUPNAME Buffer Overflow (CVE-2009-3861)
A stack buffer overflow vulnerability exists in SafeNet SoftRemote Security Policy Editor. The vulnerability is due to insufficient input validation while handling a specially formatted security policy. Successful exploitation could lead to arbitrary code execution in the security context of the...
Adobe Flash Player Memory Corruption (APSB17-04: CVE-2017-2996)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Type Confusion (APSB17-04: CVE-2017-2995)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2994)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-04: CVE-2017-2990)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted MP4 file...
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2982)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Heap Buffer Overflow (APSB17-04: CVE-2017-2984)
A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2985)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2993)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Heap Buffer Overflow (APSB17-04: CVE-2017-2992)
A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
UltraISO CUE File Parsing Buffer Overflow (CVE-2007-2888)
A stack-based buffer overflow exists in UltraISO. The vulnerability is due to lack of bounds validation which might lead to a buffer overflow. A remote attacker can execute arbitrary code by enticing a victim to open a CUE crafted file...
Adobe Flash Player Heap Buffer Overflow (APSB17-04: CVE-2017-2986)
A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Memory Corruption (APSB17-04: CVE-2017-2991)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in h264 codec while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Memory Corruption (APSB17-04: CVE-2017-2988)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Total Video Player SEH Buffer Overflow
A buffer overflow vulnerability exists in Total Video Player. The vulnerability is due to improper parsing of parameters in the Settings.ini. A remote attacker could exploit this vulnerability by enticing a user to open a malformed Settings.ini file...