13538 matches found
Microsoft Office Information Disclosure (MS16-148: CVE-2016-7276)
An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an improper handling of malformed embedded fonts. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7870)
A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS16-144: CVE-2016-7279)
A remote code execution vulnerability exists in Internet Explorer and Microsoft Edge. The vulnerability is due to the way scripting engine renders when handling objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected...
Microsoft Office OLE DLL Side Loading (MS16-148: CVE-2016-7275)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused due to an incorrect link to a dynamic-link library file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file which will lead to arbitrary code execution...
Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7879)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7869)
A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Windows Win32k Elevation of Privilege (MS16-151: CVE-2016-7259)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation...
Microsoft Internet Explorer Memory Corruption (MS16-144: CVE-2016-7283)
An out-of-bounds read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause...
Microsoft Windows GDI Information Disclosure (MS16-146: CVE-2016-7257)
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious presentation file. Successful exploitation of this issue can lead to...
Microsoft Windows CLFS Driver Information Disclosure (MS16-153: CVE-2016-7295)
An elevation of privilege vulnerability exists in the Windows Common Log File System CLFS driver of Microsoft Windows. The vulnerability is due to the way Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run processes in an elevated...
Microsoft Windows Graphics Remote Code Execution (MS16-146: CVE-2016-7272)
A remote code execution vulnerability exists in Microsoft Windows Graphics. The vulnerability is due to the improper handling of objects in the memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Installer Elevation of Privilege (MS16-149: CVE-2016-7292)
An elevation of privilege vulnerability exists in the Windows Installer. The vulnerability is due to the Windows Installer failing to properly sanitize input leading to an insecure library loading behavior. A attacker could run arbitrary code with elevated system privileges...
Microsoft Edge Security Feature Bypass (MS16-145: CVE-2016-7282)
security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge implements Address Space Layout Randomization ASLR.A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsof...
Microsoft Windows Crypto Driver Information Disclosure (MS16-149: CVE-2016-7219)
An information disclosure vulnerability has been reported in Windows Crypto driver running in kernel mode improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system...
Microsoft Office Information Disclosure (MS16-148: CVE-2016-7264)
An information disclosure vulnerability exists within Microsoft Office. The vulnerability occurs due to an out-of-bound memory read as a result of an uninitialized variable, and could be used to disclose the memory content. A remote attacker can exploit this issue by enticing a victim to open a...
Microsoft Office Memory Corruption (MS16-148: CVE-2016-7277)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7868)
A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7284)
An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error in Internet Explorer. Successful exploitation of this issue can lead to information disclosure...
Microsoft Office Security Feature Bypass (MS16-148: CVE-2016-7262)
A security feature bypass vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this vulnerability by enticing a victim to open a specially...
Microsoft Office Information Disclosure (MS16-148: CVE-2016-7265)
An information disclosure vulnerability was discovered within Microsoft Office. The vulnerability is due to reading out of bound memory due to an uninitialized variable which could disclose the contents of memory. A remote attacker can exploit this issue by enticing a victim to open a specially...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7202)
A buffer overrun vulnerability exists in Microsoft Edge and Microsoft Internet Explorer. The vulnerability is due to the way JavaScript engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web...
Microsoft Windows Uniscribe Remote Code Execution (MS16-147: CVE-2016-7274)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted ttf file...
Microsoft Browser Information Disclosure (MS16-145: CVE-2016-7280)
An information disclosure vulnerability was discovered in Microsoft Edge. The vulnerability is due to an improper content validation under specific conditions in Microsoft Browser XSS Filter. An attacker who exploited the vulnerability could run arbitrary JavaScript that could lead to an...
Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)
A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...
Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7278)
An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer do not properly handle objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Browser Scripting Engine Memory Corruption (MS16-145: CVE-2016-7287)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
PDF Shaper Conversion Buffer Overflow
A buffer overflow vulnerability exists in PDF Shaper. The vulnerability is due to improper handling of file conversion. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...
Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7873)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Memcached process_bin_sasl_auth Integer Underflow (CVE-2016-8706)
An integer underflow vulnerability exists in the Memcached binary protocol. This vulnerability is due to a lack of bounds checking in the processbinsaslauth function. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached that can le...
WordPress Symposium Plugin SQL Injection (CVE-2015-6522)
An SQL injection vulnerability exists in the WordPress Symposium Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress Answer My Question Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Answer My Question Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
Memcached process_bin_append_prepend Integer Overflow (CVE-2016-8704)
An integer overflow vulnerability exists in memcached. This vulnerability is due to a lack of bounds checking in the processbinappendprepend function while processing commands that append or prepend data to existing key-value pairs. A remote unauthenticated attacker can exploit these...
ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)
A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to a flaw processing recursive DNAME responses that can cause the target resolver to crash. A remote, unauthenticated attacker could exploit this vulnerability against DNS servers that perform recursive...
Malicious Embedded Flash Downloader
Several Exploit Kits landing pages embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
OpenSSL tls_get_message_body Function init_msg Structure Use After Free (CVE-2016-6309)
A use-after-free vulnerability has been reported in the tlsgetmessagebody function of OpenSSL. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the vulnerable server. Successful exploitation allows the attacker to execute arbitrary code on the...
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
A script injection and execution vulnerability has been reported in Movable Type. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary Perl code and SQL commands on the affected system...
FFmpeg mov_read_keys Integer Overflow (CVE-2016-5199)
An integer overflow vulnerability exists in FFmpeg. The vulnerability is due to an integer overflow while processing a media file containing a metadata keys atom with a malicious entrycount value. Successful exploitation of the vulnerability can possibly lead to remote code execution...
Mozilla Multiple Products Remote Code Execution (CVE-2016-9079; CVE-2017-5375)
A remote code execution vulnerability exists in multiple Mozilla products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Eir D1000 Routers Remote Code Execution
A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device...
NodCMS edit_lang_file PHP Code Execution
An arbitrary PHP code execution vulnerability exists in NodCMS . The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Memcached process_bin_update body_len Integer Overflow (CVE-2016-8705)
An integer overflow vulnerability exists in memcached. This vulnerability is due to an integer overflow in the processbinupdate function while processing multiple commands and the bodylen parameter of a Memcached binary protocol packet. A remote unauthenticated attacker can exploit these...
Java Applet Method Handle Remote Code Execution (CVE-2012-5088)
A code execution vulnerability has been reported in Oracle's Java and JRE. The vulnerability is due to improper use of the Method Handle class. A remote attacker may exploit this issue by enticing a target user to open a specially crafted Java applet which can enable an attacker to execute...
FreePBX callmenum Remote Code Execution (CVE-2012-4869)
FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...
SVG Javascript Nemucod Downloader
SVG file may contain a malicious JavaScript downloader. A successful implementation might result in the browser running arbitrary code on the infected system...
Joomla Suspicious File Upload
Multiple vulnerabilities exist in Joomla, allowing a remote attacker to upload a malicious file. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...
ShadowGate Redirector
ShadowGate is an initial redirection point for exploit kits. Exploit Kits operate by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...
GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)
A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarchscan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution...
NTP Daemon _IO_str_init_static_internal Denial of Service (CVE-2016-7434)
A denial of service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to a null pointer dereference in the IOstrinitstaticinternal function. A remote attacker can exploit this vulnerability by sending a crafted packet to the target service. Successful...
Social Media Infected Image File (ImageGate)
A vulnerability exists in a web kit used by major web servers. A malicious code may be embedded in an image file. Specially crafted HTTP request is later used to manipulate a web client into executing the embedded code...
Distinct TFTP Writable Directory Traversal Execution (CVE-2012-6664)
A vulnerability exists in Distinct TFTP servers. The software contains a directory traversal vulnerability that allows authorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the...