13538 matches found
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow (CVE-2009-0476)
A stack-based buffer overflow exists in Audiotran 1.4.1. A remote attacker could trigger this vulnerability by enticing a victim to open a crafted file. Successful exploitation would allow remote attackers to execute arbitrary code via a long string in a playlist .pls file...
Altap Salamander 2.5 PE Viewer Buffer Overflow (CVE-2007-3314)
A buffer overflow exists in Altap Salamander. A remote attacker could trigger this vulnerability by creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander. Successful exploitation would allow remote...
VUPlayer CUE File Buffer Overflow
A stack overflow exists in VUPlayer. The vulnerability is due to improper boundary checking of user-supplied input when processing CUE files. By enticing a victim to open a malicious CUE file, a remote attacker could execute arbitrary code on the affected system...
Beetel Connection Manager Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager. The vulnerability is due to improper parsing of parameters in the NetConfig.ini file. A remote attacker could exploit this vulnerability by enticing a user to use a crafted NetConfig.ini file...
Flash File Malicious Code Execution
A code execution vulnerability exist in Flash. The vulnerability is caused by a crafted SWF file with hidden malicious code. A remote attacker can exploit this issue in order to run malicious code on the effected system...
Suspicious Proxy Auto-Config File
An attacker can force browsers to use a malicious .pac file, and redirect traffic to a fake site. A successful attack might result in loss of data or connection hijack...
NETGEAR Routers Authentication Bypass (CVE-2017-5521)
An authentication bypass vulnerability exists in Multiple NETGEAR Routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
WordPress REST API Content Injection
A content injection vulnerability exists in WordPress REST API. A remote attacker may exploit this vulnerability by sending a malicious request to the server. Successful exploitation would allow an attacker to inject and change content...
Microsoft Windows SMB2 Tree Connect Response Denial of Service (MS17-012: CVE-2017-0016)
A denial of service vulnerability has been reported in Microsoft Windows SMB2. The vulnerability is due to insufficient sanitization over SMB2 Tree Connect response messages...
CMSmap Security Scanner
CMSmap is a dedicated vulnerability scanning product for Content Management Systems. Remote attackers can use CMSmap to detect vulnerabilities on a target server...
Chrome Fake Font Malware Installer
A misleading popup window, disguising as a Chrome error message, is used to trick a user into installing malware, leading to loss of data, or allowing the attacker to run arbitrary code on the infected machine...
Suspicious Metadata Mail Phishing Containing Archive Attachment
Suspicious Mail containing archive attachment was observed as part of phishing campaigns. A remote attacker could send spam e-mails including those files. This would allow the malicious code to run and infect the target system...
WordPress CM Download Manager Code Injection (CVE-2014-8877)
Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full...
Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)
An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP request sent to the updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending a HTTP request with a malicious SQL...
Cisco WebEx Meetings Server and Center Remote Code Execution (CVE-2017-3823)
A remote code execution vulnerability exists in Cisco WebEx Meetings Server and WebEx Meetings Center browser extensions. The vulnerability is due to a design weakness in the API response parser within the extensions.A remote unauthenticated attacker could exploit this vulnerability by enticing a...
Aerospike Database Server Stack Buffer Overflow (CVE-2016-9052; CVE-2016-9054)
A memory corruption vulnerability has been reported in Aerospike Database Server. This vulnerability is due to improper bounds checking of user-supplied variable. A remote attacker could exploit these vulnerabilities by sending a maliciously crafted packet to the vulnerable server...
Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow (CVE-2016-2123)
An integer overflow vulnerability exists in Samba. The vulnerability is due to incorrectly parsing crafted NDR data that results in an integer overflow. A remote, authenticated attacker could exploit this vulnerability by sending malicious packets to a vulnerable Samba service and could result in...
IBM Tivoli Storage Manager FastBack Server Denial of Service (CVE-2015-8523)
A denial of service vulnerability exists in IBM Tivoli Storage Manager FastBack Server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to port 11460/TCP...
Microsoft Edge document.domain Same Origin Policy Bypass (MS17-001: CVE-2017-0002)
A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted...
Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2959)
A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted JPG file...
ISC BIND TKEY Query Response Assertion Failure Denial of Service (CVE-2016-9131)
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause named service to exit with an assertion failure while processing a crafted DNS response packet. A remote, unauthenticated attacker could exploit this vulnerability by providing a...
LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow (CVE-2016-9941)
A heap-based buffer overflow has been reported in LibVNCServer LibVNCClient. The vulnerability is due to improper handling of FramebufferUpdate messages with specially crafted rectangles. A remote attacker could exploit this vulnerability by enticing a user to connect to a malicious VNC server an...
Same-Source Weak Password Scan Over HTTP
Many HTTP servers, especially on routers and other network device, have well-known default user credentials. In many cases, these default credentials are not changed by the administrator. An attacker might scan the network in order to discover such devices, and use these default credentials to lo...
Autodesk Design Review BMP biClrUsed Buffer Overflow
A heap-based buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to improper handling of biClrUsed field in a BMP file. A remote attacker could exploit these vulnerabilities by enticing the user to visit a maliciously crafted web-page or open a maliciously...
Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2937)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
F5 Multiple Products iControl iCall Script Privilege Escalation (CVE-2015-3628)
A privilege escalation vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of iCall scripts in incomming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to the serve...
Adobe Acrobat and Reader Type Confusion (APSB17-01: CVE-2017-2962)
A type confusion vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file with an...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2961)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2963)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted TIFF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2960)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the image conversion engine, related to parsing of EXIF metadata. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2964)
A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted JPEG file...
Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2936)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
VegaDNS axfr_get.php Command Injection
A command injection vulnerability exists in the axfrget.php script of VegaDNS. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could allow the attacker to execute arbitrary commands...
Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2931)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2930)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2932)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2955; CVE-2017-2958)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2965)
A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted TIFF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2939)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a file with malformed cross-reference table. A remote attacker may exploit this vulnerability by enticing a target user to open a special...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2951)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2956; CVE-2017-2957)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2928)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2926)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
HTML File Containing Hidden Malicious JavaScript
A vulnerability exists in websites using Joomla or WordPress, allowing a malicious JavaScript file to open hidden content as a user browses the compromised website without the users knowledge .Attackers use this technique to improve search result ranking but may also use it as a stage in more...
Adobe Acrobat And Reader Use After Free (APSB17-01: CVE-2017-2950)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Flash Player Heap Buffer Overflow (APSB17-02: CVE-2017-2927)
heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Acrobat and Reader Security Bypass (APSB17-01: CVE-2017-2947)
A Security Bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2967)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
GetGo Download Manager HTTP Response Header Buffer Overflow (CVE-2014-2206)
A remote code-execution vulnerability exists in GetGo Download Manager. The vulnerability is due to incorrectly handling the object header in a crafted file. A remote attacker can exploit this vulnerability by enticing the target user to download a file from a malicious server, potentially causin...
Adobe Acrobat and Reader Out of Bounds Read (APSB17-01: CVE-2017-2946)
An out-of-bounds read vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to improper validation of embedded JPEG2000 images in a PDF document. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or a...