13538 matches found
Microsoft Office Memory Corruption (MS15-116: CVE-2015-6094)
A use-after-free vulnerability exists in Microsoft Excel. A remote attacker could use this vulnerability by sending a specially crafted Excel spreadsheet. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system...
Microsoft Office Memory Corruption (MS15-116: CVE-2015-6091)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6081)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Office Memory Corruption (MS15-116: CVE-2015-6092)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Information Disclosure (MS15-112: CVE-2015-6086)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6065)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer ASLR Bypass (MS15-112: CVE-2015-6088)
A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Office Memory Corruption (MS15-116: CVE-2015-6038)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software fails to properly validate templates. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Graphics Component Remote Code Execution (MS15-115: CVE-2015-6103)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted TTF files. A remote attacker can exploit this issue by enticing a user to open a maliciously crafted TTF file...
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6066)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows Kernel Security Feature Bypass (MS15-115: CVE-2015-6113)
A kernel security feature bypass vulnerability has been reported in Microsoft Windows. A remote attacker may exploit this vulnerability by calling a procedure which bypasses access check and allows privileged file access...
Uniscan Security Scanner
Uniscan is a vulnerability scanning product. Remote attackers can use Uniscan to detect vulnerabilities on a target server...
SAP 3D Visual Enterprise Viewer Flic Animation Buffer Overflow
A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Viewer. The vulnerability is caused by improper boundary check when copying image data. By enticing a user to open maliciously crafted Flic animation file with the affected application, an attacker can exploit this vulnerability t...
IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection (CVE-2015-1938)
A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1331 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Network Time Protocol Daemon decodenetnum Assertion Failure (CVE-2015-7855)
A denial-of-service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to an assertion failure that can occur in decodenetnum when NTPD receives certain crafted packets. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP...
Adobe Flash Player Security Bypass (APSB15-25: CVE-2015-7628)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7625; CVE-2015-7626)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7627)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB15-25: CVE-2015-7629)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Use After Free Code Execution (APSB15-25: CVE-2015-7631)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Use After Free Code Execution (APSB15-25: CVE-2015-7632)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7633)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid tohaid SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid and tohaid parameters when processing requests using the moveSubGroup method of the CommonAPIUtil class. By sending crafted request messages, a remote...
OpenEMR globals.php Authentication Bypass (CVE-2015-4453)
An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...
Microsoft Office File Modification Password Use After Free (MS15-046; CVE-2015-1683)
A use-after-free vulnerability exists in Microsoft Office 2007. The vulnerability is due to problematic code that parses Office documents with modification password protection. A remote attacker could exploit this vulnerability by enticing a user to open a crafted Office document. Successful...
Suspicious Plugin Detector Information Disclosure
An information disclosure vulnerability has been reported in multiple web browsers. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information about the client's system...
ArabLab Bot ID SSL Certificate
An SSL certificate containing the ArabLab Bot ID has been found. This bot has been used in the past for targeting banks, and other campaigns whose goal is access to money...
Avast Antivirus X.509 Certificate Common Name Remote Command Execution
A remote command execution vulnerability has been reported in Avast Antivirus. The vulnerability is due to improper validation of X.509 certificates. Specifically, Avast does not sanitize the Common Name attribute of the X.509 certificates before rendering it as HTML...
Advantech WebAccess ActiveX ConvToSafeArray Stack Buffer Overflow (CVE-2014-9208)
A stack buffer overflow vulnerability exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of an argument to ConvToSafeArray in the AspVCObj.AspDataDriven ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by...
GnuTLS DistinguishedName Decoding Double Free (CVE-2015-6251)
A double-free vulnerability has been reported in GnuTLS. The vulnerability is due to an error within gnutlsx509dntostring while processing very long Distinguished Name values in X.509 certificates. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate ...
IBM Lotus Domino Web Server iNotes Buffer Overflow (CVE-2003-0178)
A buffer overflow vulnerability exists in IBM Lotus Domino iNotes Web Server. The vulnerability is due to incorrect handling of client-supplied request parameters. A remote attacker can exploit this vulnerability by sending crafted requests to affected servers...
Samba Unicode Filename Buffer Overflow (CVE-2004-0882)
A vulnerability has been reported in the way Samba handles file information requests. A malformed request can trick the server into overflowing an incorrectly allocated buffer while generating a response. If certain conditions are met, an attacker can exploit this vulnerability to execute malicio...
NTP Servers Symmetric Association Authentication Bypass (CVE-2015-7871)
A logical flaw exists in NTP servers when handling certain crypto-NAK packets, allowing attackers to bypass the target server's authentication. A remote attacker can leverage this flaw by sending a specially crafted request, and manipulate the server system's time...
Oracle Database Server Login Access Control Bypass (CVE-2006-0547)
There exists a security bypass vulnerability in the Oracle Database Server product. The vulnerability exists due to insufficient validation of the user input in the login process. A remote attacker with valid user credentials may use this vulnerability to bypass access controls and execute SQL...
Elasticsearch Sandbox Escape Command Execution (CVE-2015-1427)
A remote command execution RCE vulnerability exists in the Groovy scripting engine in Elasticsearch. The vulnerability is due to certain scripts bypassing the sandbox protection mechanism. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted request...
Ignite Realtime Openfire server-props.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire's server-props.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which...
Microsoft Internet Explorer Address Bar Spoofing (CVE-2004-2219)
A vulnerability exists in Internet Explorer's address bar updating method due to incorrect handling of unknown protocol handlers. A specific sequence of steps, executed in an Internet Explorer browser can allow for arbitrary content to be represented by a false address in the address bar. This ca...
Paros Proxy Scanner
Paros is a proxy scanning product. Remote attackers can use Paros to detect proxy servers...
ManageEngine Applications Manager CommonAPIUtil removeMonitorFrmMG haid SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid parameter when processing requests using the removeMonitorFrmMG method of the CommonAPIUtil class. By sending crafted request messages, a remote...
Websense Triton Content Manager handle_debug_network Stack Buffer Overflow (CVE-2015-5718)
A stack buffer overflow vulnerability exists in Websense Triton Content Manager. The vulnerability is due to calling "strcpy" without boundary checking. A remote unauthenticated attacker can overflow the "dest" buffer in "handledebugnetwork"...
Adobe Flash Player IExternalizable Remote Code Execution (APSA15-05: CVE-2015-7645; CVE-2015-7647; CVE-2015-7648)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...
Wordpress simple-ads-manager Information Disclosure (CVE-2015-2826)
An information disclosure vulnerability has been reported in "Wordpress simple-ads-manager plug-in". The vulnerability is due to improper sanitizing of the sam-ajax-admin.php script. Successful exploitation will allow a remote attacker to reveal the user's sensitive information...
Asterisk SIP Invite Malformed SDP Denial of Service (CVE-2007-1561)
A denial of service vulnerability exists in the channel driver of Asterisk. A remote attacker may send a SIP INVITE message with an SDP containing one valid and one invalid IP address, causing the server to crash...
Sun Solaris DHCP Daemon Code Execution (CVE-2007-5365)
Multiple vulnerabilities have been reported in the Sun Solaris DHCP daemon that could be exploited by remote attackers to execute arbitrary code over the vulnerable system. The vulnerabilities are due to an insecure design in the DHCP in.dhcpd server while handling DHCP requests. Remote attackers...
Magento E-Commerce Platform Magmi Plugin Information Disclosure
An information disclosure vulnerability has been discovered in Magento e-commerce platform Magmi Plugin. Successful exploitation results in access to Magento site credentials and database encryption key...
Stack-based Buffer Overflow in Artegic Dana IRC Client (CVE-2008-2922)
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long IRC message...
IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1332 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Asterisk Skinny Channel Driver Remote Denial of Service (CVE-2007-4280)
Asterisk is vulnerable to a denial of service attack, caused by a vulnerability in the Skinny channel driver. By sending a specially-crafted "CAPABILITIESRESMESSAGE" packet with an overly large capabilities count, a remote attacker with an authenticated session could exploit this vulnerability...
Xlink FTP Server Request Buffer Overflow (CVE-2006-5792)
A buffer overflow vulnerability exists in Xlink FTP server that comes bundled with Omni-NFS Enterprise 5.2. A remote attacker may send an overly long FTP request to the server which allows arbitrary code execution...
Oracle Database Client System Analyzer Arbitrary File Upload Code Execution (CVE-2010-3600)
A directory traversal and remote code-execution vulnerability exists in Oracle Database Server 11 and Enterprise Manager Grid Control 10. The vulnerability is found in a JSP application and permits a directory traversal. Successful exploit will allow a remote attacker to execute arbitrary code on...