13538 matches found
ESF pfSense status_rrd_graph_img.php Command Injection
A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to statusrrdgraphimg.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the statusrrdgraphimg.php URI...
WordPress CSV Import Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress CSV Import Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
SolarWinds SRM Profiler SQL Injection (CVE-2016-4350)
An SQL injection vulnerability has been reported in SolarWinds Storage Manager Resource Monitor, Profiler Module. This vulnerability is due to insufficient validation in several parameters when processing HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending ...
GD Library libgd gd_gd2.c Heap Buffer Overflow (CVE-2016-3074)
A heap buffer overflow vulnerability has been reported in libgd. The vulnerability is due to a signedness error that leads to a heap buffer overflow. Libgd is included within PHP. A remote attacker can exploit this flaw having the target process a crafted malicious GD2 file...
Diasoft File Replication Pro ExecCommand Command Execution
A command execution vulnerability exists in Diasoft File Replication Pro. This is due to exposure of the dangerous remote procedure call feature. A remote attacker can exploit this vulnerability by simply calling the ExecCommand RPC API...
Magento API unserialize Remote Code Execution (CVE-2016-4010)
A remote code execution vulnerability exists in the e-commerce platform Magento. The vulnerability is due to deserialization of attacker controlled objects via the checkout API. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted Web API request to the target...
Flexera FlexNet Publisher License Server Buffer Overflow (CVE-2015-8277)
Two buffer overflow vulnerabilities have been discovered in the FlexNet Publisher license server manager. These vulnerabilities are due to improper bounds checking in a custom strncpy function when handling requests received over the network. An attacker could leverage these vulnerabilities by...
Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...
Suspicious Link Redirection JavaScript Phishing Attempt
Several phishing campaigns use embedded redirection links in order to lure the victim user to download malicious files. Successful exploitation could result in arbitrary code running on the victim machine when the malicious file is opened...
Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1098)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1099)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1100)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Buffer Overflow (APSB16-15; CVE-2016-1101; CVE-2016-1102; CVE-2016-1103; CVE-2016-1104)
A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1097)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
WordPress WP Advanced Comment Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress WP Advanced Comment Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1109)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Trend Micro Antivirus Password Manager Code Injection
A code injection vulnerability exists in the Trent Micro Password Manager. The vulnerability is due to the Nodejs server incorrectly validating HTTP requests to the "/api/showSB" URI. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page...
Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection (CVE-2016-2002)
A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. The vulnerability is due to insufficient input sanitation. A remote, unauthenticated attacker may exploit this vulnerability by sending a crafted HTTP request. Successful exploitation...
Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)
A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...
Adobe Acrobat And Reader Double-Free (APSB16-02: CVE-2016-1111)
A double-free vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1110)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-4108)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
WordPress FAQ WD Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress FAQ WD Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress SP Projects and Document Manager Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress SP Projects and Document Manager Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress Robo Gallery Plugin remote Code Execution
A code execution vulnerability exists in WordPress Robo Gallery Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess SCADA Dashboard Arbitrary File Upload (CVE-2016-0854)
An arbitrary file upload vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the uploadImageCommon, uploadFile or uploadBannerImage methods in the UploadAjaxAction script. A remote, unauthenticated...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1108)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1106)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1096)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Type Confusion (APSB16-15: CVE-2016-1105)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1107)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)
An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1086)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Apache Struts XSLTResult File Inclusion (CVE-2016-3082)
A file inclusion vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to a failure to validate user's input when stylesheet is being passed as a request parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...
Adobe Acrobat And Reader Memory Corruption (APSB16-14: CVE-2016-1116)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Squid HTTP Response Processing Denial of Service (CVE-2016-3948)
The vulnerability is due to improper bounds checking while processing HTTP responses. A remote, unauthenticated attacker can exploit this vulnerability by returning crafted HTTP responses to the vulnerable proxy server. Successful exploitation of the vulnerability could lead to denial-of-service...
Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1037)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
WordPress Core Flash File Same-Origin Method Execution (CVE-2016-4566)
A same-origin method execution vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
ISC BIND rndc Control Channel Assertion Failure Denial of Service (CVE-2016-1285)
A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improper handling of packets sent to rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerabilities by sending a maliciously crafted packet to the rndc control channel interfa...
WordPress Core Flash File Cross-Site Scripting (CVE-2016-4567)
A cross-site scripting vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
ISC BIND DNS Cookie Assertion Failure Denial of Service (CVE-2016-2088)
A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improperly processing DNS cookies. A remote attacker could exploit this vulnerabilities by sending a maliciously crafted DNS packet to a target BIND server...
Oracle GlassFish Server ThemeServlet Directory Traversal
A directory traversal vulnerability exists in Oracle GlassFish Server. The vulnerability is due to insufficient input validation while processing HTTP requests to the /theme/ URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable...
ISC BIND DNAME RRSIG Assertion Failure Denial of Service (CVE-2016-1286)
A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improperly processing DNAME resource record signature RRSIG records. A remote attacker could exploit this vulnerabilities by sending a maliciously crafted DNS packet to a target BIND server...
Advantech WebAccess SCADA Dashboard Directory Traversal (CVE-2016-0855)
A directory traversal vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the openWidget, removeFolder or removeFile methods in the FileAjaxAction script. A remote, unauthenticated attacker could explo...
Adobe Flash Out of Bounds Access Code Corruption (CVE-2016-4117)
An out of bounds access vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type-confused parameter in Adobe Flash Player SWF file. A remote attacker can exploit this issue by using the out of bounds access for unintended reads, writes or frees – potentially leadi...
Microsoft Internet Explorer Information Disclosure (MS16-051: CVE-2016-0194)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling files. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Office Memory Corruption (MS16-054: CVE-2016-0126)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows Win32k Elevation of Privilege (MS16-062: CVE-2016-0176)
A heap corruption vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel is calculating the correct size of the current tocken, which will lead to a buffer overflow. A remote attacker can exploit this vulnerability by running a specially crafted...
Microsoft HTTP.sys HTTP 2.0 Denial of Service (MS16-049; CVE-2016-0150)
A denial-of-service vulnerability exists in Microsoft Windows' HTTP 2.0 protocol stack, HTTP.sys. The vulnerability is due to insufficient validation of HTTP 2.0 requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP packet to the target...
Microsoft Windows Win32k Elevation of Privilege (MS16-062: CVE-2016-0171)
An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows handles DC surface. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted application...