13538 matches found
Hmap Web-Server Fingerprint Tool
A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Hmap web application fingerprint tool to detect vulnerabilities on a target server...
Suspicious Webpage JavaScript Downloader
Certain malicious executable files can be hidden using js downloader file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Apache Struts REST plugin Remote Code Execution (CVE-2016-4438)
A Remote Code Execution vulnerability exists in Apache Struts REST plugin. By sending a request containing a specially crafted expression, a remote attacker can exploit this vulnerability in order to execute arbitrary code on an Apache server...
Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)
A code execution vulnerability exists in Apache Struts. The vulnerability is due the way the OGNL expressions are processed when DMI is enabled and the REST plugin is used. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitatio...
Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)
A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a use...
Adobe Acrobat and Reader Use After Free (APSB16-14: CVE-2016-1050)
A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Acrobat and Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...
Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1046)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
NewsGator FeedDemon Stack Buffer Overflow (CVE-2009-0546)
This module exploits a buffer overflow vulnerability in FeedDemon. When the application is used to import a specially crafted opml file, a buffer overflow occurs allowing arbitrary code execution...
Apple QuickTime FPX File Parsing Memory Corruption (CVE-2016-1767)
A memory corruption vulnerability exists in Apple QuickTime. The vulnerability is due to improper parsing of FlashPix files. A remote attacker may exploit this vulnerability by enticing a victim into opening a crafted FlashPix file...
Apple QuickTime PSD File Parsing Memory Corruption (CVE-2016-1769)
A memory corruption vulnerability exists in Apple QuickTime. The vulnerability is due to improper parsing of Photoshop files. A remote attacker may exploit this vulnerability by enticing a victim into opening a crafted PSD file. Successful exploitation could lead to arbitrary code execution under...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4141)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted JPEG-XR file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted JPEG-XR file...
Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1045)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Nagios XI Incident Manager Integration Component SQL Injection
A SQL injection vulnerability has been reported in the Nagios Incident Manager IM integration component of Nagios XI. The vulnerability is due to insufficient parameter validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a special...
Adobe Flash Player Buffer Overflow (APSB16-18: CVE-2016-4138)
A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted ATF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ATF file...
Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4142)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)
An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4137)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted ATF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ATF file...
Shopware getTemplateName Local File Inclusion (CVE-2016-3109)
A local file inclusion vulnerability has been reported in Shopware. This vulnerability is due to insufficient input validation in the getTemplateName method. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitati...
Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1039)
A security bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a specially crafted PDF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1073)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...
Microsoft Office Files Containing Malicious VBScript Downloader
Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)
A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1072)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...
Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)
A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...
Squid Proxy ESI Component Stack Buffer Overflow (CVE-2016-4054)
A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes ESI component of the Squid proxy. The vulnerability is due to improper handling of ESI response packets. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the target...
Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)
A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...
Squid Squoison Host Header Cache Poisoning (CVE-2016-4553)
A cache poisoning vulnerability exists in Squid proxy when configured as a transparent proxy. The flaw is caused by improper inspection of the Host header against the URI in the HTTP request line. An attacker can exploit this flaw by sending a crafted request to some website through the proxy...
Adobe Flash Player Memory Corruption (APSA16-03: CVE-2016-4171)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Schneider Electric HMI Denial Of Service Tool
Schneider Electric HMI DoS Tool is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Microsoft Windows ATMFD.DLL Elevation of Privilege (MS16-074: CVE-2016-3220)
An out of bound memory access vulnerability exists in Microsoft Windows ATMFD.DLL. The root cause is within atmfd.dll sub components that miscalculate indices to an array when dealing with a specially crafted ttf file. A successful exploitation could allow an attacker to run arbitrary code with...
Microsoft Win32k Elevation of Privilege (MS16-073: CVE-2016-3221)
A null pointer dereference vulnerability exists in Microsoft Windows. The root cause comes from win32k sub component when handling desktop creation. If successfully exploited, an attacker could elevate his privileges on the local system...
Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1038)
A security bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in handling trusted JavaScript functions. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3210)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...
Microsoft Office Memory Corruption (MS16-070: CVE-2016-0025)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1074)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat's Universal 3D Engine. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1044)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...
Schneider Electric Magelis HMI Advanced Panel Remote Denial Of Service (CVE-2016-8367; CVE-2016-8374)
A denial of service vulnerability exists in Schneider Electric Magelis HMI Advanced Panel, AKA Panelshock. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This...
Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3199)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Office Information Disclosure (MS16-070: CVE-2016-3234)
An out of bound memory access vulnerability was discovered within Microsoft office word. The root cause comes from wwlib.dll sub components that could lead to an out of bound memory read when processing a malformed rtf document...
Microsoft Windows PDF Library Information Disclosure (MS16-080: CVE-2016-3215)
A vulnerability exists in Microsoft EDGE and Windows PDF Library that could lead to an out of bound memory access. The root cause of this vulnerability is an error when parsing a malformed JPEG2000 image header embedded within the PDF document. A successfully exploitation of this issue could allo...
Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3222)
A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3206)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bound write access. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would...
Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)
An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Microsoft Internet Explorer XSS Filter Bypass (MS16-063: CVE-2016-3212)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the JS prevents an object from loading. A remote attacker can exploit this issue by enticing a user to open a specific web-page with a relevant query on an affected version of Internet...
Microsoft Office Memory Corruption (MS16-070: CVE-2016-3233)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows Win32k Elevation of Privilege (MS16-074: CVE-2016-3219)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on disk. A successful exploitation could allow an attacker to run arbitrary code with elevated...
Microsoft Edge Security Feature Bypass (MS16-068: CVE-2016-3198)
A vulnerability was discovered within Mirosoft EDGE that could allw security feature bypass. The vulnerability could allow an attacker to bypass the Content Security Policy CSP...
Adobe Acrobat and Reader Use After Free Code Execution (APSB16-14: CVE-2016-1075)
A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...
Microsoft Office winword Information Disclosure (MS16-074: CVE-2016-3216)
An out of bound read vulnerability exists within Microsoft Office winword application. The problem is caused by improper parsing of the EMF files. A successfull exploitation of the issue would allow an attacker to perform sensitive information disclosure that could be used to bypass some exploit...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3207)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...