13538 matches found
Adobe ColdFusion OOXML XXE Information Disclosure (CVE-2016-4264)
An XML external entity XXE processing vulnerability has been reported in the Office Open XML OOXML parsing component of Adobe ColdFusion. The vulnerability is due to a lack of validation on user-supplied input when parsing OOXML documents. A remote attacker could exploit this vulnerability by...
Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)
A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the responsetype parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code...
Trend Micro Smart Protection Server admin_notification.php Command Injection (CVE-2016-6267)
A remote code execution vulnerability exists in the adminnotification.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the...
Microsoft Windows AHCACHE.SYS Denial of Service (MS16-110: CVE-2016-3369)
A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an...
Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4140)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insecure library loading while handling certain files. A remote attacker could exploit this issue by enticing a user to open a legitimate file that will insecurely load a specially crafted D...
Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0999)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free (APSB16-37: CVE-2016-7863)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
XpoLog Center Remote Command Execution
A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7865)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...
Microsoft Browser Information Disclosure (MS16-142: CVE-2016-7227)
An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7236)
A use-after-free vulnerability exists in Microsoft Office. A remote attacker can exploit this issue by enticing a user to open a specially crafted .xlsb file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user...
Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7225)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...
Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7859)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7224)
Multiple elevation of privilege vulnerabilities exist in the Windows VHDMP kernel driver. The vulnerability is due to the way driver fails to properly handle user access to certain files. An attacker can exploit this vulnerability by gaining access to the local system and executing a specially...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7201)
A remote code execution exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that...
Microsoft Win32k Elevation of Privilege (MS16-135: CVE-2016-7246)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...
Adobe Flash Player Use After Free (APSB16-37: CVE-2016-7864)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Office Information Disclosure (MS16-133: CVE-2016-7233)
An Out-of-bounds memory read vulnerability exists in Microsoft Word. The vulnerability is triggered by reading a malformed .doc file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user...
Microsoft Windows Win32k Information Disclosure (MS16-135: CVE-2016-7214)
An out-of-bounds read vulnerability was discovered within Microsoft Windows. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...
Microsoft Win32k Elevation of Privilege (MS16-135: CVE-2016-7215)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...
Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7861)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...
Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7860)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7235)
A Out-of-bounds memory read vulnerability exists in Microsoft Office. The vulnerability is due to an error to an error in parsing a malformed DOC file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Edge Information Disclosure (MS16-129: CVE-2016-7204)
An information disclosure vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Windows Open Type Font Information Disclosure (MS16-132: CVE-2016-7210)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the Open Type Font OTF driver handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted OTF fil...
Microsoft Windows Open Type Font Remote Code Execution (MS16-132: CVE-2016-7256)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows font library improperly handles specially crafted embedded fonts. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafter OTF file...
Microsoft Windows Win32k Elevation of Privilege (MS16-135: CVE-2016-7255)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated...
Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7857)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Windows Animation Manager Memory Corruption (MS16-132: CVE-2016-7205)
A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way the Windows Animation Manager handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious webpage...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7203)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7213)
A use-after-free vulnerability exists in Microsoft Office. This vulnerability could be triggered by a corrupted Excel file. Successful exploitation of this issue could grant an attacker remote code execution...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3334)
A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...
Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7858)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7862)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Edge Memory Corruption (MS16-132: CVE-2016-7217)
A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7200)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Browser Memory Corruption (MS16-142: CVE-2016-7196)
A use-after-free vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted website...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7228)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7242)
A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows Driver CLFS Elevation Of Privilege (MS16-134: CVE-2016-3332)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3333)
A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7234)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7231)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted excel files. A remote attacker can exploit this issue by enticing a victim to open a specially...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3338)
A memory corruption vulnerability exists within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7230)
A remote code execution vulnerability exists in Microsoft PowerPoint. The vulnerability is due to a use-after-free error in Microsoft PowerPoint while handling a specially crafted PPT file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PPT...
Microsoft Windows File Manager Remote Code Execution (MS16-130: CVE-2016-7212)
An remote code execution vulnerability exists within Microsoft Windows. The vulnerability is due to an error in parsing a malformed JPG file. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted JPG file...
Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7226)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7232)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Browser Memory Corruption (MS16-142: CVE-2016-7195)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to handling HTML classid attributes. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memo...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3340)
A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to incorrect calling of the functions AddLogContainer and CreateLogMarshallingArea using special parameters. Successful exploitation of this issue might lead to local privilege escalation...