13538 matches found
Suspicious Image File Remote Code Execution Attempt
Certain malicious executable files can be hidden using image file name extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)
A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...
Magento Sales User Info Cross Site Scripting
A cross-site scripting vulnerability has been reported in Magento's core libraries. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system and acquire administrative permissions...
Angler Exploit Kit Redirection
Angler Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0946)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)
Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...
jQuery Suspicious URL Redirection (CVE-2018-18084)
A suspicious URL redirection to a possibly malicious jQuery domain has been encountered. By injecting JavaScript code, an attacker may redirect the user to an attacker-controlled website...
SQL Servers SQL Injection Characters Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
Adobe Acrobat and Reader Use After Free Code Execution (APSB16-02: CVE-2016-0940)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0932)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0938)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
WordPress WPML Plugin SQL Injection (CVE-2015-2314)
An SQL injection vulnerability exists in the WPML plugin for WordPress, allowing remote attackers to execute arbitrary SQL commands...
Adobe Acrobat and Reader JavaScript API Code Execution (APSB15-02: CVE-2016-0943)
A restriction bypass privileged JavaScript API execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the use of a trusted function which provides certain privileges that allow overwriting objects. A remote attacker can exploit this vulnerability by enticing the...
Adobe Acrobat and Reader Use-After-Free Code Execution (APSB16-02: CVE-2016-0941)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Use-After-Free (APSB16-02: CVE-2016-0937)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
WordPress Calculated Fields Form Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Calculated Fields Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress Webdorado Spider Event Calendar Plugin SQL Injection (CVE-2015-2196)
An SQL injection vulnerability exists in Spider Event Calendar 1.4.9 for WordPress allowing remote attackers to execute arbitrary SQL commands...
Adobe Acrobat and Reader Double Free Remote Code Execution (APSB16-02: CVE-2016-0935)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a double-free error in Adobe Acrobat and Reader while handling objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF...
Adobe Acrobat Reader Memory Corruption (APSB16-02: CVE-2016-0939)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Use-After-Free (APSB16-02: CVE-2016-0934)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0936)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader decodes CMYK files where a JPEG image has invalid values for the three component chrominance subsampling. A remote attacker can exploit this vulnerability...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0933)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
JavaScript Malicious Reverse Obfuscation Technique
Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...
WordPress Tubepress Plugin Version 2 Cross Site Scripting
A cross-site scripting vulnerability has been reported in WordPress Tubepress Plugin 2. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0931)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Apple QuickTime MP4 Absent stbl Box Memory Corruption (CVE-2015-3667)
A memory corruption vulnerability has been reported in Apple QuickTime. The vulnerability is due to an issue with processing corrupted MPEG-4 MP4 files. A remote attacker could exploit this vulnerability by enticing a user to open a malicious .MP4 file. Successful exploitation could lead to...
Google Android Market URI Denial of Service (CVE-2012-6301)
A Denial of Service vulnerability has been reported in Google Android. The vulnerability is due to an insufficient validation of URI in the SRC attribute of an IFRAME element. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page...
Samba smbd Daemon Symlink Verification Information Disclosure (CVE-2015-5252)
An information disclosure vulnerability has been reported in Samba. The vulnerability is due to flaws in the symbolic link verification mechanism. A remote, authenticated attacker could exploit this vulnerability by using an SMB client to request for files or directories outside the share path...
Microsoft Silverlight Runtime Remote Code Execution (MS16-006: CVE-2016-0034)
A remote code execution vulnerability exists in Microsoft Silverlight. The vulnerability is due to incorrect handling of certain open and close requests that can result in read and write access violations. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a...
Microsoft Office Memory Corruption (MS16-004: CVE-2016-0035)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...
Microsoft Edge Memory Corruption (MS16-002: CVE-2016-0003)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to improper type checking of a variable. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...
Microsoft Scripting Engine Memory Corruption (MS16-002: CVE-2016-0024)
An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to lack of input validation within a DataView object. Successful exploitation of this issue can lead to remote code execution...
Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0016)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...
Microsoft Internet Explorer Elevation of Privilege (MS16-001: CVE-2016-0005)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft DirectShow Heap Corruption Remote Code Execution (MS16-007: CVE-2016-0015)
A remote code execution vulnerability has been reported in Microsoft DirectShow. The vulnerability is due to the way Microsoft DirectShow improperly validates input. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS16-001: CVE-2016-0002)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft .NET Silverlight Manifest Resource File Information Disclosure (CVE-2015-6114)
An information disclosure vulnerability exists in Microsoft .NET Silverlight manifest resource parsing functionality. The vulnerability is due to an error while processing a corrupted manifest. An attacker can exploit this vulnerability by supplying a specially crafted resource through a .NET or...
Microsoft Windows GDI32.dll ASLR Bypass (MS16-005: CVE-2016-0008)
A vulnerability was discovered in Microsoft Word and Wordpad that could allow attackers to disclose internal memory information which can then be used to bypass security features such as ASLR. A security feature bypass vulnerability exists in the way that the Windows graphics device interface...
Microsoft Office Memory Corruption (MS16-004: CVE-2016-0010)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0014)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to execute arbitrary code with the privileges of the current user. The attacker must entice the victim to run an executable...
Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0018)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...
Microsoft Windows Mapi DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0020)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to gain higher privileges or bypass sandboxing mechanisms. The attacker must entice the victim to run an executable file to...
Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)
A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...
Microsoft Internet Explorer Elevation of Privilege (MS15-106: CVE-2015-6051)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
CoDeSys Gateway Server Opcode 0x3ef Heap Buffer Overflow (CVE-2015-6460)
A heap buffer overflow vulnerability exists in 3S Smart Software CoDeSys due to insufficient input validation. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request message to the vulnerable service. Successful exploitation could result in code execution ...
SQL Injection Scanning Attempt (CVE-2022-27412)
Remote attackers use SQL injection scanning in order to locate potential SQL injection vulnerabilities on a target server, which could be later used for attacks...
Microsoft .NET Framework ASLR Security Bypass (MS15-118: CVE-2015-6115)
A security feature bypass vulnerability exists in Microsoft .NET Framework. The vulnerability is due to a DLL file that was not compiled with Address Space Layout Randomization ASLR enabled. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted document that...
IBM Domino Image File Parsing Buffer Overflow (CVE-2015-5040)
A buffer overflow vulnerability has been reported in IBM Domino. The vulnerability is due to improper bounds checking when parsing image files, potentially lead to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this vulnerability by sending an email containin...
ManageEngine ServiceDesk FileDownload.jsp fName Directory Traversal
A directory traversal vulnerability has been reported in ManageEngine ServiceDesk. The vulnerability is due to the software incorrectly validating the "fName" parameter when handling requests sent to FileDownload.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a...
Reprise License Manager diagnostics_doit Directory Traversal
A path traversal vulnerability exists in the Reprise License Manager due to insufficient input validation while processing HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending crafted HTTP requests to the target system. Successful exploitation would allow an...