13538 matches found
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3342)
An elevation of privilege vulnerability exists in the Windows Common Log File System Driver. The vulnerability is caused when the Windows Common Log File System Driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially exe file...
Microsoft Windows CLFS Elevation of Privilege (MS16-134: CVE-2016-0026)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...
Microsoft Browser Remote Code Execution (MS16-129: CVE-2016-7241)
A type confusion vulnerability has been reported in the Scripting Engines of Microsoft Edge and Internet Explorer. This vulnerability is due to improper access of objects in memory when the JSON.parse JavaScript function is called. A remote attacker could exploit this vulnerability by enticing th...
Microsoft Windows CLFS Elevation of Privilege (MS16-134: CVE-2016-7184)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3335)
A memory corruption vulnerability exists within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...
Microsoft Internet Explorer Memory Corruption (MS16-142: CVE-2016-7198)
A remote code execution vulnerability exists in Internet Explorer and Microsoft Edge. The vulnerability is due to the way scripting engine renders when handling objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected...
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7240)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3343)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to improper handling of objects in memory. The attacker must entice the victim to run an executable file to exploit this vulnerability...
Novell Micro Focus GroupWise Multiple Cross Site Scripting (CVE-2016-5760)
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to failure to properly sanitize user-supplied input. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted UR...
Adobe Acrobat and Reader Use After Free Code Execution (APSB16-33: CVE-2016-1091)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB16-33: CVE-2016-6954)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...
Nagios Network Analyzer create Cross-Site Request Forgery
A cross-site request forgery vulnerability exists in the create user interface of Nagios Network Analyzer. The vulnerability is due to a lack of CSRF protection on the user creation form in createuser.php. A remote, unauthenticated attacker can exploit this vulnerability by enticing an...
FreePBX Framework remotemod Parameter Remote Command Execution
A remote command execution vulnerability exists in FreePBX. The vulnerability is due to lack of sanitization for 'remotemod' parameter. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary command in the security context of the affected service...
SugarCRM PHP Deserialization Script Injection
A script injection vulnerability exists in SugarCRM. The vulnerability is due to lack of input validation when handling a parameter of a HTTP request. Remote, unauthenticated attackers could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation...
Novell Micro Focus GroupWise Multiple Cross Site Scripting (CVE-2016-5760)
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to failure to properly sanitize user-supplied input. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted UR...
Trend Micro Control Manager Information Disclosure (CVE-2016-6220)
An XML external entity XXE processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTT...
OpenJPEG JPEG2000 Image Processing Out-of-Bounds Write (CVE-2016-8332)
An out-of-bounds write vulnerability has been discovered in OpenJPEG. The vulnerability is due to a lack of validation on the index values of MCC markers when parsing maliciously crafted JPEG2000 image files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciou...
Black Hole Exploit Kit Website Redirection
Black Hole Exploit Kit exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Black Hole EK by redirecting them to a malicious web page. Successful infection will allow the attacker to download additional...
Squid Proxy ESI Response Processing Denial of Service (CVE-2016-4555)
A denial of service vulnerability has been reported in the Edge Side Includes ESI component of the Squid proxy. The vulnerability is due to incorrect pointer handling when processing ESI responses. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the targ...
GD Library LibGD Integer Overflow (CVE-2016-5766)
A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code...
OpenSSL SSL_peek Infinite Loop Denial of Service (CVE-2016-6305)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSLpeek API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection...
Microsoft Internet Explorer NetBIOS Spoofing (MS16-063: CVE-2016-3213)
A spoofing vulnerability exists in Microsoft Internet Explorer. The root cause is that an attacker can spoof WAPD requests and force the browser to switch to local Intranet. A remote attacker can exploit this issue by sending a specially crafted meeting request...
Adobe Acrobat and Reader Use After Free (APSB16-33: CVE-2016-6988)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
SQL Servers SQL Injection Obfuscation Techniques (CVE-2014-9239; CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)
Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential informatio...
AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection
A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to getdirectivekdb.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application...
Microsoft Windows Graphics Component Remote Code Execution (MS16-120; CVE-2016-3393)
A remote code execution vulnerability has been reported in Microsoft Windows Graphics Component. The vulnerability is due to the improper handling of objects in the memory.A remote attackers could exploit this vulnerability by enticing users to view a specially crafted web page, or a document fil...
Joomla Core Unauthorized Account Creation (CVE-2016-8870)
A vulnerability exists in Joomla Core. The vulnerability is due to insufficient validation during user registration. Unauthorized attackers can remotly exploit this vulnerability to create any account in a Joomla system...
Joomla Core Privilege Escalation (CVE-2016-8869)
A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...
IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)
A remote code execution vulnerability has been reported in IBM WebSphere. The vulnerability is due to an untrusted deserialization of data when the WASPostParam cookie is present in the request. A remote, authenticated attacker can exploit this vulnerability by sending a request containing a...
Apache OpenMeetings Event Description Cross-Site Scripting (CVE-2016-2163)
A cross-site scripting vulnerability has been reported in the event handling component of Apache OpenMeetings. The vulnerability is due to insufficient validation of input for event descriptions. A remote, authenticated attacker could exploit this vulnerability by scheduling an event with a craft...
op5 Monitor command_test.php Command Injection
A cross-site request forgery vulnerability leading to command injection has been reported in the commandtest.php script of op5 Monitor. The vulnerability is due to a lack of any cross-site request forgery prevention mechanism. A remote attacker could exploit this vulnerability by enticing an...
Trellian FTP Client PASV Remote Buffer Overflow (CVE-2010-1465)
A code execution vulnerability exists in Trellian FTP client 3.01 , including 3.1.3.1789. The vulnerability is due to a stack buffer overflow when processing PASV FTP responses. Remote attackers can exploit this vulnerability by sending long PASV response and execute arbitrary code...
Javascript Injection for Eval-based Unpackers
A code injection vulnerability exists in eval-based unpackers. The vulnerability is due to insufficient input validation. An attacker can generate a javascript file that executes arbitrary code when an eval-based unpacker is run on it...
Adobe Reader and Acrobat Use After Free Code Execution (APSB16-33: CVE-2016-6971)
A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...
Digium Asterisk PJSIP Stack ACK Denial of Service
A denial of service vulnerability exists in Digium Asterisk when the PJSIP stack is used. The vulnerability is due to improper processing of ACKs from an unrecognized endpoint, that causes a NULL pointer dereference. A remote unauthenticated attacker can exploit this vulnerability by sending an A...
ASUSWRT LAN Backdoor Remote Command Execution (CVE-2014-9583)
A remote command execution vulnerability exists in Asuswrt. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
HP Data Protector Remote Command Execution (CVE-2016-2004)
An arbitrary command execution vulnerability exists in the HPE Data Protector. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a HPE Data Protector service. Successful exploitation could lead to arbitrary command execution under the context of...
Adobe IExternalizable Interface Use After Free Code Execution (CVE-2016-7855)
A Use After Free vulnerability exists in Adobe IExternalizable Interface. The vulnerability is due to a reuse of a freed Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted SWF file...
PHP 7 Uninitialized Value Remote Code Execution
A Remote Code Execution vulnerability exists in PHP 7. A remote attacker can exploit this vulnerability by sending specially crafted input to the inf variable...
Transport Layer Security (TLS) Version 1.1
Transport Layer Security TLS is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. TLSv1.1 is considered obsolete and insecure, and is deprecated in favor of a more advanced TLS protocol. This protection will detect and block any use of...
Transport Layer Security (TLS) Version 1.0
Transport Layer Security TLS is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. TLSv1.0 is considered obsolete and insecure, and is deprecated in favor of a more advanced TLS protocol. This protection will detect and block any use of...
Transport Layer Security (TLS) Version 1.2
Transport Layer Security TLS is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. This protection will detect and block any use of TLSv1.2 protocol...
Veil Evasion Payloads
Veil-Evasion is an open source tool that generates malicious executables. A remote attacker could send executable files to an unprotected system, and trigger their execution on that system...
Microsoft Windows Domain User Code Execution (MS16-110; CVE-2016-3368)
A code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way objects are handled in memory. A remote attacker with domain credentials can exploit this vulnerability by sending specially crafted requests to the target server...
Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution
A remote command execution vulnerability exists in Trend Micro Safe Sync for Enterprise ad.pm page. The vulnerability is due to insufficient validation of the user-supplied id parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable...
Adobe Acrobat and Reader Memory Corruption (APSB16-33: CVE-2016-6970)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...
Symantec Endpoint Protection Manager Remote Privilege Escalation (CVE-2015-1487; CVE-2015-1489)
A vulnerability exist in Symantec Endpoint protection. These vulnerability include privilege escalation, path traversal and binary planting. Attackers can exploit this issue to gain elevated privileges on the affected computer...
Adobe Acrobat and Reader Use After Free (APSB16-33: CVE-2016-6965; CVE-2016-6967; CVE-2016-6968; CVE-2016-6969)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
PHP 7 Unserialization Malicious toString Remote Code Execution (CVE-2016-7479)
A Remote Code Execution vulnerability exists in PHP 7. A remote attacker can exploit this vulnerability by sending specially crafted input to the unserialize function...
Adobe Flash Player Use After Free Code Execution (APSB16-32: CVE-2016-6987)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...