13538 matches found
Microsoft Windows WPAD Proxy Discovery Elevation of Privilege (MS16-077; CVE-2016-3236)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to improper handling of certain proxy discovery scenarios using the Web Proxy Autodiscovery WPAD protocol method. A remote attacker can exploit this issue by sending specially crafted NBNS responses...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-0199)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...
Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)
An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3206)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bound write access. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4150)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3222)
A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...
Microsoft Windows Win32k Elevation of Privilege (MS16-074: CVE-2016-3219)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on disk. A successful exploitation could allow an attacker to run arbitrary code with elevated...
Microsoft Windows PDF Library Information Disclosure (MS16-080: CVE-2016-3201)
An out of bound memory access vulnerability was discovered within Microsoft Edge PDF reader and Windows PDF Library. The vulnerability is due to an error in parsing a malformed PDF document. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3211)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the drag and drop API call operations. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...
Adobe Flash Player Heap Overflow (APSB16-18: CVE-2016-4136)
A Heap Overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Heap Overflow (APSB16-18: CVE-2016-4135)
A Heap Overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
WordPress Pingback Denial Of Service
WordPress XML-RPC pingback mechanism is used to link a blog to another. This mechanism can be exploited to execute a distributed denial of service DDoS attack either on the vulnerable website or to force the website to take part in a DDoS attack on a third party...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-4121)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Squid Long String Header Processing Assertion Failure (CVE-2016-2569)
A denial-of-service vulnerability has been reported in Squid. The vulnerability is due to the way Squid uses a String object of a certain maximum length to store incoming headers, such as the Vary header, in HTTP responses. Long strings in headers can cause an assertion failure...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4133)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
WordPress LoginWall Plugin Remote File Inclusion
A Remote File Inclusion vulnerability exists in WordPress LoginWall Plugin. Successful exploitation of this vulnerability would allow a non-authenticated attacker to include remote files and execute arbitrary code on the vulnerable system...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4132)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4147)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4155)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4156)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Type Confusion (APSB16-18: CVE-2016-4149)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Type Confusion (APSB16-18: CVE-2016-4144)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...
Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4143)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4148)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4146)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4154)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4151)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4153)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4152)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
BlindElephant Web Application Fingerprinter
A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use BlindElephant Web Application Fingerprinter to detect vulnerabilities on a target server...
MySQL Failed Memory Allocation Denial of Service (CVE-2015-4870)
A vulnerability exists in MySQL server. The vulnerability is triggered due to failed memory allocation. Successful exploitation of this vulnerability causes the server process to terminate...
Microsoft Edge JavaScript Engine Memory Corruption (MS16-052: CVE-2016-0186)
A memory corruption vulnerability exists in Microsoft Edge Chakra JavaScript Engine. This vulnerability is due to an improper validation in Array.unshift or Array.shift methods. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
WordPress Simple Backup Plugin Unauthorized File Access
An Information Disclosure vulnerability exists in WordPress Simple Backup Plugin. Successful exploitation would allow a remote attacker to copy restricted files with privileged information from the affected system...
Adobe Acrobat Reader Use-After-Free (APSB16-14: CVE-2016-1061)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Magento Braintree Credit Card Stealer
A code execution vulnerability has been reported in Braintree extension of Magento. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code on the affected system, thereby gaining access to confidential credit card information...
WordPress WP Mobile Detector Plugin Arbitrary File Upload
An Arbitrary File Upload vulnerability exists in WordPress WP Mobile Detector Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat Reader Security Bypass (APSB16-14: CVE-2016-1062)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1093)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
DotNetNuke Administration Authentication Bypass (CVE-2015-2794)
An authentication bypass vulnerability exists in DotNetNuke. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1088)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Use After Free (APSB16-14: CVE-2016-1094)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Leak (APSB16-14: CVE-2016-1092)
A memory leak vulnerability exists in Adobe Reader. The vulnerability is due to an error in Adobe Reader while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted PDF file...
ManageEngine Firewall Analyzer runQuery guest user SQL Injection
An SQL injection vulnerability exists in ManageEngine Firewall Analyzer. This vulnerability is due to the use of hardcoded credentials and insufficient validation of request parameters in HTTP requests to the runQuery servlet. By sending crafted requests to an affected server, a remote attacker c...
GnuTLS DistinguishedName Decoding Double Free - ver 2 (CVE-2015-6251)
A double-free vulnerability has been reported in GnuTLS. The vulnerability is due to an error within gnutlsx509dntostring while processing very long Distinguished Name values in X.509 certificates. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate ...
WordPress CP Polls Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress CP Polls Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress WP Advanced Importer Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress WP Advanced Importer Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Adobe Acrobat And Reader Memory Corruption (APSB16-14: CVE-2016-1095)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
WordPress Booking Calendar Contact Form Plugin SQL injection
An SQL injection exists in the WordPress Booking Calendar Contact Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress RobotCPA Plugin Local File Inclusion
An information disclosure vulnerability exists in WordPress RobotCPA Plugin. Successful exploitation of this vulnerability could allow a remote attacker to access the content of files found on the web server...
WordPress Jetpack Shortcode Embeds Module Code Injection
A cross-site scripting vulnerability exist reported in WordPress JetPack plugin Shortcode Embeds module. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...