13538 matches found
WordPress ACF Frontend Display Plugin Arbitrary File Upload
An Arbitrary File Upload vulnerability exists in WordPress Advanced custom Fields ACF Frontend Display Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Flash Player Security Bypass (APSB16-10: CVE-2016-1006)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Microsoft Windows MSXML 3.0 Remote Code Execution (MS16-040: CVE-2016-0147)
A use after free vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows parses an XML file. A remote attacker can exploit this issue by enticing a target victim to run a specially crafted XML file. Successful exploitation could trigger arbitrary code...
Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0164)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web pa...
Microsoft Windows CSRSS Security Feature Bypass (MS16-048: CVE-2016-0151)
An elevation of privilege vulnerability exists in Microsoft Windows CSRSS. The vulnerability is due to an error in the way windows kernel verifies tokens. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...
Microsoft Windows Graphics Memory Corruption (MS16-039: CVE-2016-0145)
A vulnerability was found in Microsoft Windows that could potentially lead to remote code execution. The main cause is the lack of validation on glyph bitmap boundary during scaling operation. This vulnerability can be exploited using a malformed font file TTF...
Adobe Flash Player Type Confusion (APSB16-10: CVE-2016-1015)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Buffer Overflow (APSB16-10: CVE-2016-1018)
A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0156)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service (CVE-2015-8705)
A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to improper conversion of OPT resource records ECS options to text format. A remote, unauthenticated attacker could exploit this vulnerability against Recursive or Authoritative DNS servers tha...
Microsoft Office Memory Corruption (MS16-042: CVE-2016-0127)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Insecure Library Loading (APSB16-10: CVE-2016-1014)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insecure library loading while handling certain files. A remote attacker could exploit this issue by enticing a user to open a legitimate file that will insecurely load a specially crafted D...
Adobe Flash Player Use After Free Code Execution (APSB15-32: CVE-2015-8822)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1016)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Microsoft Office Memory Corruption (MS16-042: CVE-2016-0139; CVE-2016-0140)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0157)
A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Office Memory Corruption (MS16-042: CVE-2016-0122)
A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted fi...
Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0155)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Windows Secondary Logon Denial of Service (MS16-046: CVE-2016-0135)
A remote denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles memory blocks while using the LSARPC protocol. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0166)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web pa...
Microsoft Edge Elevation of Privilege (MS16-038: CVE-2016-0161)
A cross site scripting vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge handles an exit event. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microso...
Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1017)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Microsoft Edge Elevation of Privilege (MS16-038: CVE-2016-0158)
An elevation of privilege vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge validates permissions under specific conditions. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with a...
Microsoft Office Memory Corruption (MS16-042: CVE-2016-0136)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0154)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Windows OLE Remote Code Execution (MS16-044: CVE-2016-0153)
A vulnerability was identified in Microsoft Word while processing an embedded object within a word document that could lead to a stack memory corruption. The Stack Corruption occures in ole32!OleRegEnumVerbs Functionis with an out of bound write...
Microsoft Win32k Elevation of Privilege (MS16-039: CVE-2016-0165)
An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows deals with allocation of an Edge buffer. A remote attacker can exploit this vulnerability by running a specially crafted application...
Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0159)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Ipswitch WhatsUp Professional Source Disclosure (CVE-2006-2357)
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
Samba LDAP Server libldb Infinite Loop Denial of Service (CVE-2015-3223)
A denial-of-service vulnerability has been reported in the Samba LDAP server. The vulnerability is due to a error in processing certain LDAP requests by the libldb library used by the Samba daemon. A remote, authenticated attacker could exploit this vulnerability by sending malicious packets to...
Nginx DNS Resolver Denial of Service (CVE-2016-0742)
A denial-of-service vulnerability exists in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote, man-in-the-middle attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server...
Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1011)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB16-10: CVE-2016-1012)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1013)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Remote Code Execution (APSA16-01: CVE-2016-1019)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected syst...
AWStats Totals awstatstotals.php sort Parameter Code Execution (CVE-2008-3922)
A code execution vulnerability has been reported in AWStats Totals. The vulnerability is due to insufficient sanitization of the "sort" parameter in the "awstatstotals.php". A remote attacker could exploit this vulnerability by dynamically creating an anonymous PHP function...
SwitchBlade Denial of Service Tool
SwitchBlade is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...
SIPVicious Security Scanner
SIPVicious is a vulnerability scanning product. Remote attackers can use SIPVicious to detect vulnerabilities on a target server...
Microsoft Windows RPC Authentication Downgrade (MS16-047: CVE-2016-0128; CVE-2016-2118)
A security bypass vulnerability, also referred to as BadLock, exists in Microsoft Windows clients connecting to Samba Servers. The vulnerability is due to an authentication design weakness...
SadAttack Denial of Service Tool
SadAttack is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...
The Beast Security Scanner
A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the The Beast security scanner to detect vulnerabilities on a target server...
Suspicious Office File Mail Phishing Attempt
Certain exploits or ransomware can be downloaded using office file extensions as mail attachments . A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Oracle Java SE Security Sandbox Escape (CVE-2013-5838; CVE-2016-0636)
A Java security sandbox escape vulnerability exists in Oracle Java SE, due to an input validation error. A remote attacker could entice a user running a browser which uses an affected Oracle Java SE release to visit a malicious web page that leverages this vulnerability. Successful exploitation c...
WordPress WPshop eCommerce Plugin Arbitrary File Inclusion
A File Inclusion vulnerability exists in WordPress WPshop eCommerce Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code ...
WordPress DZS ZoomSounds Plugins Remote File Inclusion
A Remote File Inclusion vulnerability exists in WordPress DZS ZoomSounds Plugins. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary...
WordPress Slider Revolution Plugin Remote File Inclusion
A Remote File Inclusion vulnerability exists in WordPress Slider Revolution Plugin. Successful exploitation of this vulnerability would allow a non-authenticated attacker to include remote files and execute arbitrary code on the vulnerable system...
WordPress Simple Ads Manager Plugin Arbitrary File Inclusion (CVE-2015-2825)
A File Inclusion vulnerability exists in WordPress Simple Ads Manager Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...
WordPress InBoundio Marketing Plugin Remote File Inclusion
A vulnerability in WordPress InBoundio Marketing plugin allows users to upload files without proper validation of file type. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system...
Apple OSX File With Non-Executable File Extension Arbitrary File Execution
Certain malicious OSX files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Cross-Site Scripting Scanning Attempt (CVE-2015-4661; CVE-2019-16385; CVE-2019-9167; CVE-2020-10946; CVE-2020-12261; CVE-2020-13228; CVE-2020-13627; CVE-2020-13628; CVE-2020-14953; CVE-2021-21801; CVE-2021-25080; CVE-2022-25305; CVE-2022-28102)
Remote attackers use Cross-Site Scripting scanning in order to locate potential Cross-Site Scripting vulnerabilities on a target server, which could be later used for attacks...