13538 matches found
Microsoft Internet Explorer Memory Corruption (MS15-106: CVE-2015-6048)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS15-106: CVE-2015-6045; CVE-2015-6045)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Memory Corruption (MS15-110: CVE-2015-2555)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Information Disclosure (MS15-106: CVE-2015-6053)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Windows Shell Remote Code Execution (MS15-109: CVE-2015-2515)
A remote code execution vulnerability has been reported in Microsoft Windows shell. The vulnerability is due to an error in the way Windows shell improperly handles objects in memory while opening a crafted toolbar object in Windows. A remote attacker can exploit this issue by enticing a victim t...
Reprise License Manager HTTP Parameter Parsing Stack Buffer Overflow
A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the licfile and debuglog parameters while processing an HTTP request. Successful exploitation would lead to arbitrary code execution under the security context...
Microsoft Internet Explorer Memory Corruption (MS15-106: CVE-2015-6049)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Office Memory Corruption (MS15-110: CVE-2015-2558)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-106: CVE-2015-6042)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-106: CVE-2015-6050)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Information Disclosure (MS15-106: CVE-2015-6059)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Office Memory Corruption (MS15-110: CVE-2015-2557)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Information Disclosure (MS15-106: CVE-2015-6046)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Internet Explorer Use After Free Remote Code Execution (MS15-109: CVE-2015-2548)
A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...
Microsoft Internet Explorer Elevation of Privilege (MS15-106: CVE-2015-6047)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Internet Explorer Scripting Engine Memory Corruption (MS15-106: CVE-2015-6055)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Samsung PS50C7700 3D Plasma-TV Denial of Service (CVE-2013-4890)
A denial-of-service vulnerability has been reported in Samsung TV. The vulnerability is due to insufficient validation of certain values. A remote attacker can exploit this vulnerability by sending a specially crafted Connection request to the vulnerable server. Successful exploitation will cause...
Microsoft VBScript and JScript ASLR Bypass (MS15-106: CVE-2015-6052)
A security feature bypass vulnerability has been discovered in JScript and VBScript scripting engines. The vulnerability is due to the way that the VBScript scripting engine uses the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a...
Microsoft Edge XSS Filter Bypass (MS15-107: CVE-2015-6058)
An XSS filter bypass vulnerability exists in Microsoft Edge. A remote attacker could exploit this issue by convincing target users to view a web page containing malicious JavaScript code with an effected version of Microsoft Edge. Successful exploitation could allow an attacker to take any action...
Schneider Electric InduSoft Web Studio Remote Agent Remote Code Execution (CVE-2015-7374)
The vulnerability is due to lack of authentication to the Remote Agent Service which allows attackers to execute API calls on the service remotely. By sending crafted requests to the service, a remote unauthenticated attacker can exploit this vulnerability to execute code under the context of the...
Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire's user-create.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...
Email Parameter Cross-Site Scripting
A cross-site scripting vulnerability has been reported in a web form parameter. Successful exploitation of this vulnerability would allow remote attackers to inject malicious code into the affected system...
Oracle Endeca IDI ETL Server DownloadFileContent Directory Traversal (CVE-2015-4745)
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the DownloadFileConent operation. A remote authenticated attacker can leverage this vulnerability to...
Adobe Flash Player Use After Free Code Execution (APSB15-23: CVE-2015-5584)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Reprise License Manager edit_lf_get_data Directory Traversal
A directory traversal vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation while processing HTTP requests to the editlfgetdata operation. A remote authenticated attacker can leverage this vulnerability by sending crafted HTTP requests to t...
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
A cross-site scripting vulnerability has been reported in Typo3 CMS. The vulnerability is due to the sanitizeLocalUrl function incorrectly validating the returnUrl and redirecturl HTTP request parameters. A remote attacker can exploit this vulnerability by enticing a user to open a specially...
ISC BIND openpgpkey_61.c Denial of Service (CVE-2015-5986)
A denial-of-service vulnerability exists in ISC BIND. The vulnerability is due to an incorrect boundary check, leading to a REQUIRE assertion failure in openpgpkey61.c. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted queries under certain circumstances...
ManageEngine OpManager APMAlertOperationsServlet source SQL Injection
An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the source parameter when processing requests sent to APMAlertOperationsServlet servlet. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL co...
Novell ZENworks Mobile Management Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Novell ZENworks Mobile Management. The vulnerability is due to insufficient validation of output before it is returned to the user. A remote attacker can exploit this vulnerability by enticing a user to click on a maliciously crafted link...
Ignite Realtime Openfire server-session-details.jsp Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "hostname" parameter within the server-session-details.jsp page. By convincing an authenticated administrator to visit a malicious website, a remot...
ISC BIND DNSSEC Key Parsing buffer.c Denial of Service (CVE-2015-5722)
A denial of service vulnerability exists in ISC BIND. The vulnerability is due to an error in buffer.c while parsing certain malformed DNSSEC keys. A remote attacker can exploit this vulnerability by sending crafted queries under certain circumstances. Successful exploitation will result in a...
GE MDS PulseNET Hidden Support Account Remote Code Execution (CVE-2015-6456)
A default credential vulnerability has been reported in GE MDS PulseNET. The vulnerability is due to static credentials of a hidden support account permitting administrator access to the system. A remote attacker can exploit these default credentials to access the system. Once authenticated, the...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5578; CVE-2015-5579)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted mp4 file...
OpenLDAP ber_get_next Denial of Service (CVE-2015-6908)
A denial of service condition has been reported in OpenLDAP. The vulnerability is due to an obsolete assertion failure in bergetnext. A remote user can exploit this vulnerability by sending a crafted BER message to the target server. A successful exploitation will cause a denial of service...
Adobe Flash Player Information Disclosure (APSB15-23: CVE-2015-5576)
An Information Disclosure Vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker could exploit these vulnerability by enticing a target user to open a crafted SWF file...
Ignite Realtime Openfire user-password.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire user-password.jsp. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which sends a...
General Electric MDS PulseNET FileDownloadServlet Directory Traversal (CVE-2015-6459)
A directory traversal vulnerability exists in the General Electric MDS PulseNET products. The vulnerability is due to insufficient validation in FileDownloadServlet. An unauthenticated remote attacker can exploit this vulnerability to read and then delete an arbitrary file on the system...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5580)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted MP4 file...
Adobe Flash Player Out of Bounds Memory Corruption (APSB15-23: CVE-2015-5575)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out-of-bounds memory read while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free Remote Code Execution (APSB15-23: CVE-2015-5581)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5582)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
pfSense WebGUI Zone Parameter Cross-Site Scripting (CVE-2015-4029)
A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to servicescaptiveportalzones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted lin...
Advantech WebAccess Webdobj ActiveX UpdateProject Stack Buffer Overflow (CVE-2014-9208)
A stack buffer overflow vulnerability exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of one of the UpdateProject's arguments in the Webdobj ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a...
OpenSSL X509_cmp_time Denial of Service (CVE-2015-1789)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in X509cmptime that causes OpenSSL to read beyond the end of a buffer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate to a vulnerable OpenSSL client or...
Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)
An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...
IBM Domino LDAP Server ModifyRequest Stack Buffer Overflow (CVE-2015-0117)
A stack buffer overflow vulnerability exist in IBM Domino's LDAP Server. The vulnerability is due to insufficient validation of input leading to copying an indefinite amount of data from a crafted ModifyRequest LDAP message to a fixed length stack buffer. A remote, unauthenticated attacker can...
Oracle Endeca IDI ETL Server UploadFileConent Directory Traversal (CVE-2015-2602)
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the UploadFileConent operation. A remote authenticated attacker can leverage this vulnerability to...
Reprise License Manager actserver and akey HTTP Parameters Parsing Stack Buffer Overflow
A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the actserver and akey parameters while processing a number of HTTP requests. Successful exploitation would lead to arbitrary code execution under the security...
phpFileManager cmd Parameter Command Execution
A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6 or 9. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter...
Sysax Multi Server SSH Component Denial Of Service
A denial-of-service vulnerability has been reported in Sysax Multi Server. The vulnerability is due to incorrectly dereferencing NULL pointers when handling certain malformed SSH messages. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted SSH message to the...