13538 matches found
FreePBX Framework modulefunctions.class.php display SQL Injection
A SQL injection vulnerability exists in FreePBX. Successful exploitation could lead to arbitrary command execution on the affected system...
FreePBX Framework Recordings Module Remote Command Execution
A remote command execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the Recordings module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page. Successful exploitation could lead to...
Microsoft Windows Elevation of Privilege (MS16-111: CVE-2016-3373)
An elevation of privilege vulnerability exists in Microsoft Windows. A malicious user can bypass a security check in Windows to read and write registry hive files under a hidden registry hive which could enable an elevation of privilege. Successful exploitation could allow an attacker to run...
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3375; CVE-2017-11913)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling scripts. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way th...
Microsoft Browser Information Disclosure (MS16-104: CVE-2016-3351)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer and EDGE browsers. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an...
Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3363)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows Win32k Elevation of Privilege (MS16-106: CVE-2016-3348)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated privileges...
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3247)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer and Edge. The vulnerability is due to an out of bounds read when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Adobe Flash Player Security Bypass (APSB16-29: CVE-2016-4271)
A security bypass vulnerability has been reported in Adobe Flash Player. This vulnerability is an instance of a sandbox escape vulnerability. The specific vulnerability exploits two uncommon ways of encoding an URI that lead to information leakage, effectively bypassing protections provided by th...
Adobe Flash Player Use After Free Code Execution (APSB16-29: CVE-2016-4272)
A memory corruption vulnerability exist in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4282)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4284)
A memory corruption vulnerability exist in Adobe Flash Player. The vulnerability is caused by a crafted SWF file which causes an out of bounds memory access. A remote attacker can exploit this issue in order to trigger an access violation exception...
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4274)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Windows PDF Library Remote Code Execution (MS16-080: CVE-2016-3203; CVE-2016-3370)
An out of bound memory access vulnerability exists within Microsoft Edge PDF reader and Windows PDF Library. The vulnerability is due to an error in evaluating the correct value of a buffer. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3364)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3297)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that executes malicious...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3359)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3365)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3381)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Elevation of Privilege (MS16-104: CVE-2016-3292)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Browser Information Disclosure (MS16-105 : CVE-2016-3325)
An out-of-bounds read vulnerability was discovered within Microsoft Edge. The vulnerability is due to an error in the way Microsoft Office improperly handles double response in the same buffered inputs. A remote attacker can exploit this issue by sending double response in the same buffered input...
Microsoft Edge Memory Corruption (MS16-105: CVE-2016-3377)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in...
Microsoft Edge Memory Corruption (MS2016-08: CVE-2016-3294)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Adobe Flash Player Use After Free (APSB16-29: CVE-2016-4279)
This vulnerability is an instance of a use after free vulnerability. A constraint for exploitation of this vulnerability is that the memory area of the freed object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access...
Microsoft Windows GDI Component Information Disclosure (MS16-106: CVE-2016-3355)
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious executable file. Successful exploitation of this issue can lead to...
Schneider Electric SoMachine HVAC AxEditGrid ActiveX Untrusted Pointer Dereference (CVE-2016-4529)
The vulnerability is due to a dereference of user-supplied SetDataIntf parameter value as a function pointer within the AxEditGrid ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to open a specially crafted web page. Successful...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3360)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3357)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3295)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3324)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3362)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3358)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Micro Focus GroupWise Post Office Agent Integer Overflow (CVE-2016-5762)
An integer overflow vulnerability leading to a heap-based buffer overflow exists in the Post Office Agent component of Micro Focus GroupWise. The vulnerability is due to insufficient validation of usernames and passwords submitted to the Post Office Agent. A successful attack could result in...
Microsoft Windows Elevation of Privilege (MS16-111: CVE-2016-3306)
An elevation of privilege vulnerability exists in Microsoft Windows Server. The vulnerability is caused when Microsoft Windows fails to handle executable programs being ran by two users. A remote attacker can exploit this issue by enticing a victim to run a specially crafted file...
Microsoft Windows PDF Library Information Disclosure (MS16-115: CVE-2016-3374)
An out of bounds memory access vulnerability exists within Microsoft Edge and Windows PDF Library. The vulnerability is due to an error in parsing a malformed PDF document. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Repetitive SMB Rename Command Attempts
Ransomwares access shared folder in order to encrypt files. Successful exploitation might lead to loss of sensitive data...
Microsoft Word Document Malicious Known Downloaders
Microsoft Office files might contain malicious downloaders. A remote attacker could send spam e-mails including such downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Canon IR-ADV Password Extractor
An authentication bypass vulnerability exists in Canon IR-ADV. A remote attacker can exploit this vulnerability by extracting the passwords from address books on various Canon IR-Adv mfp devices...
Suspicious Web Page Phishing Attempt
Phishing URL attacks attempt to acquire a victim's credentials to well-known sites. The attacker uses embedded redirection links in order to gain the victim's account information...
IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)
A denial-of-service vulnerability has been reported in IBM WebSphere Application Server. The vulnerability is due to improper validation of SIP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SIP messages to the target server. Successful exploitation...
WECON LeviStudio Address Name Heap Buffer Overflow
The vulnerability is due to improper parsing of XML Address Name attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project. Successful exploitation could allow the attacker to execute arbitrary code under the security...
ManageEngine OpManager APMIntegBusinessViewHandler OPM_BVNAME SQL Injection
This vulnerability is due to insufficient validation of the OPMBVNAME parameter when processing requests sent to APMIntegBusinessViewHandler servlet. A remote, unauthenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server...
Linux Kernel x86-64 IA32SysCall Privilege Escalation (CVE-2010-3301)
An old vulnerability has been reintroduced in certain versions of the Linux Kernel that could be exploited by local unprivileged users to elevate their default system designated privileges to the higher kernel level privileges. The vulnerability is due to an error that kernel does not zero-extend...
Trend Micro IWSVA Command Injection
A command injection vulnerability has been reported in Trend Micro Interscan Web Security. This vulnerability exists due to improper validation of the HTTP request parameters when processing requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted...
MOXA MediaDBPlayback ActiveX Control Buffer Overflow (CVE-2010-4742)
A buffer overflow vulnerability exists in MOXAActiveXSDK. The vulnerability is due to mishandling an overly long string. Remote attackers can exploit this vulnerability by enticing a target user to open a specially crafted web page with an embedded media file...
Ransomware Shared Folder Access
Ransomwares access shared folder in order to encrypt files. Successful exploitation might lead to loss of sensitive data...
Phishing URL Attack Attempt
Phishing URL attack attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. The attacker uses embedded redirection links in order to gain the victim's account information...
Moxa SoftCMS CGI Program SQL Injection (CVE-2016-5792)
A SQL injection vulnerability has been reported in Moxa SoftCMS. The vulnerability is due to insufficient input validation on user supplied input. A remote attacker can exploit this vulnerability by providing a crafted input to the product. Successful exploitation would allow the attacker to...
WordPress dl-skin.php Arbitrary File Download
An arbitrary file download vulnerability exists in dl-skin.php file. A remote attacker might gain access to arbitrary files using a specially crafted HTTP request...