13538 matches found
Cisco Adaptive Security Appliance IKEv1 and IKEv2 multiple payloads Buffer Overflow (CVE-2016-1287)
A buffer overflow vulnerability exists in Cisco Adaptive Security Appliance software. The vulnerability is due to a failure on part of Internet Key Exchange version 1 and version 2 code to handle UDP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted...
WordPress MiwoFTP Plugin Arbitrary File Download
An arbitrary file download vulnerability exists in Wordpress MiwoFTP Plugin. The vulnerability is due to a parameter arriving from user input, which is not properly sanitized. By using a specially crafted HTTP request, a remote attacker might gain access to arbitrary files...
AnonStress Denial Of Service Tool
AnonStress is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Apache Subversion svn Protocol Parser Integer Overflow (CVE-2015-5259)
An integer overflow vulnerability exists in Apache Subversion. The vulnerability is due to a flaw in the svn protocol parser. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests that will be processed by the svnserve protocol...
Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)
A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation when processing HTTP request sent to URI "/olt/UploadFileUpload.do". A remote attacker can exploit this vulnerability by sending a malicious request to the...
Oracle Application Testing Suite DownloadServlet reportName Directory Traversal (CVE-2016-0476)
A directory traversal vulnerability has been reported in Oracle Load Testing component of Oracle Application Testing Suite. The vulnerability is caused due to improper handling of path names when downloading files via the Oracle Load Testing component. Unauthenticated remote attackers could explo...
Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow (CVE-2015-8572)
A heap buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to an error when processing GlobalColorTable flag and DataSubBlock size fields inside a GIF file. In order to exploit the vulnerability, the remote attacker needs to entice the target user to open a...
Microsoft Outlook Express NNTP handler Buffer Overflow (CVE-2005-1213)
A buffer overflow vulnerability has been reported in Microsoft Outlook Express. The vulnerability is due to an insufficient boundary checking when the vulnerable product processes Network News Transfer Protocol NNTP server responses. An attacker can exploit this vulnerability to inject and execut...
Apache Tomcat Web Manager Scanning Attempt
Remote attackers can send HTTP requests as a method of scanning for Apache Tomcat servers, in order to later exploit vulnerabilities in these servers to compromise the server's security...
ZMap Security Scanner over HTTP
A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the ZMap security scanner to detect vulnerabilities on a target server...
PHP Proxy Server Scanning Attempt
Remote attackers can send HTTP requests as a method of scanning for the existence of specific proxy servers with known vulnerabilities, in order to later exploit these vulnerabilities to compromise the server's security...
Multiple Routers Rom-0 Scanning Attempt
A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the Rom-0 vulnerability to get user credentials and other sensitive information...
Jorgee Security Scanner
A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the Jorgee security scanner to detect vulnerabilities on a target server...
Microsoft Windows DNS Use After Free (MS15-127: CVE-2015-6125)
A remote code execution vulnerability exists in Windows DNS servers when they fail to properly parse requests. An attacker could create a specially crafted application to connect to a Windows DNS server and then issue malicious requests to the server. Successful exploitation of this vulnerability...
Apache ActiveMQ Shutdown Command Denial of Service (CVE-2014-3576)
A denial of service vulnerability exists in Apache ActiveMQ. The vulnerability is due to missing authentication for the undocumented shutdown command. A remote, unauthenticated attacker may exploit this vulnerability by sending crafted packets to the server. Successful exploitation could lead to ...
Microsoft Office RTF Malicious Known Variables
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file a...
Apache Subversion mod_dav_svn Integer Overflow (CVE-2015-5343)
Heap overflow and out-of-bounds read vulnerabilities have been reported in the moddavsvn of Apache Subversion web servers. These vulnerabilities are caused by an integer overflow when parsing certain encoded requests. A remote, authenticated attacker could exploit this vulnerability by sending...
WordPress Ultimate Product Catalogue Plugin Unauthenticated File Upload
An unauthorized file upload vulnerability exists in WordPress Ultimate Product Catalogue Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...
Microsoft Data Access Components Overflow (CVE-2002-1142)
A heap-based buffer overflow vulnerability exists in Remote Data Services RDS component of Microsoft Data Access Components MDAC. The vulnerability is due to a design error in the processing of malformed HTTP request to the Data Stub. Successful exploitation of this vulnerability allows remote...
Suspicious HTTPS Gmail Mail Attachment Containing JavaScript Code
Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...
Suspicious Mail Attachment Containing JavaScript Code
Mail attachments containing JavaScript code were observed as part of various phishing campaigns. A remote attacker could send e-mails including those files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method ...
Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code
Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...
Adobe Acrobat And Reader Memory Corruption (APSB16-09: CVE-2016-1007)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Flash Player Integer Overflow (APSB16-08: CVE-2016-1010)
An integer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient boundary checking in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Acrobat and Reader updaternotifications.dll Library Loading (APSB16-09: CVE-2016-1008)
A code injection vulnerability has been discovered in Adobe Reader and Acrobat. The vulnerability is due to the updatenotification.dll component of Adobe Reader and Acrobat. A remote attacker might exploit this issue by convincing a victim to open a specially crafted PDF file...
WordPress Genericons Cross-Site Scripting (CVE-2015-3429)
A cross-site scripting vulnerability was found in the Genericons web font used in WordPress sites. A remote attacker could use this vulnerability to execute malicious JavaScript code on the client browser...
Microsoft Network Policy Server RADIUS Denial of Service (MS16-021; CVE-2016-0050)
A denial-of-service vulnerability exists in Microsoft Network Policy Server. The vulnerability is due to improper handling of username strings in RADIUS authentication requests. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted requests to the...
Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0995)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
WordPress Sensitive System Files Information Disclosure
An information disclosure vulnerability exists in multiple WordPress Plugins and themes. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...
Microsoft Windows Elevation of Privilege (MS16-031: CVE-2016-0087)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to type confusion. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted file...
LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow (CVE-2015-5212)
An integer underflow vulnerability exists in LibreOffice and OpenOffice. The vulnerability is due to insufficient size checks when processing the PrinterSetup data within ODF documents. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0111)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows OLE Memory Remote Code Execution (MS16-030: CVE-2016-0092)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused due to a missing bound checks. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Windows OpenType Font Parsing Remote Code Execution (MS16-026: CVE-2016-0121)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused when the Windows Adobe Type Manager Library improperly handles specially crafted fonts. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0103)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer due to out-of-bound write access during an inner operation. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memory...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0104)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0110)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer copies data between two mismatched size arrays considering only the size of the source array. A remote attacker can exploit this issue by...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0114)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows PDF Library Remote Code Execution (MS16-028: CVE-2016-0118)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0108)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Office Memory Corruption (MS16-029: CVE-2016-0021)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows PDF Library Remote Code Execution (MS16-028: CVE-2016-0117)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0113)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0112)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Office Memory Corruption (MS16-029: CVE-2016-0134)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0109)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0105)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
Microsoft Edge Memory Corruption (MS16-024: CVE-2016-0123)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows Media Parsing Remote Code Execution (MS16-027: CVE-2016-0101)
A code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles resources in the media library. A remote attacker can exploit this issue by enticing a victim to open specially crafted media content...