13538 matches found
Foxit Multiple Products PNG To PDF Conversion Heap Buffer Overflow
A heap buffer overflow vulnerability exists in Foxit Reader. The vulnerability exists in ConvertToPDFx86.dll and is due to improper bound checking on tEXt chunks when converting a PNG file to a PDF file. A remote unauthenticated attacker can leverage this to overflow a heap buffer...
ISC BIND DNSSEC Validation Denial of Service (CVE-2015-4620)
A denial of service vulnerability exists in ISC BIND. The vulnerability is due to an error during DNSSEC validation. A remote attacker can exploit this vulnerability by sending crafted queries under certain circumstances...
Advantech WebAccess AspVCObj.AspDataDriven ActiveX Stack Buffer Overflow (CVE-2014-9208)
A stack buffer overflow vulnerability exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of an argument of multiple functions in the AspVCObj ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a...
Apple QuickTime traf Atom Out-Of-Bounds Access (CVE-2015-3668)
An out-of-bounds memory access vulnerability exists in Apple QuickTime. The vulnerability is due to improper processing of traf atoms. This vulnerability can be exploited by a remote attacker by enticing the target user to open a specially crafted file with the affected application. Successful...
Oracle Data Quality Trillium Based SetBasicPreviewData Type Confusion (CVE-2015-4759)
A remote code execution vulnerability exists in Oracle Data Quality TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to a type confusion when handling data passed to SetBasicPreviewData. A remote attacker can exploit this vulnerability by enticing a user to access a maliciously...
OpenSSL X509_cmp_time Denial of Service (CVE-2015-1789)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in X509cmptime that causes OpenSSL to read beyond the end of a buffer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate to a vulnerable OpenSSL client or...
Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)
An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...
Oracle Endeca IDI ETL Server UploadFileConent Directory Traversal (CVE-2015-2602)
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the UploadFileConent operation. A remote authenticated attacker can leverage this vulnerability to...
Oracle Endeca Information Discovery Integrator ETL Server CopyFile Directory Traversal (CVE-2015-2604)
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the CopyFile operation. By sending crafted SOAP requests to the target system, a remote authenticate...
Oracle Endeca Information Discovery Integrator ETL Server MoveFile Directory Traversal (CVE-2015-2605)
A directory traversal vulnerability has been reported in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to a lack of input validation. A remote attacker can exploit this vulnerability by sending crafted SOAP requests to the target system, leading to informatio...
Dell NetVault Backup Denial of Service (CVE-2015-5696)
A Denial of Service vulnerability has been reported in Dell NetVault service. The vulnerability exists in Dell NetVault's nvpmgr.exe and is due to the way invalid "Subcode data" is handled when there is the relevant "Code" value. A remote attacker can trigger this flaw by establishing a connectio...
Oracle Endeca Information Discovery Integrator ETL Server RenameFile Directory Traversal (CVE-2015-2606)
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the RenameFile operation. By sending crafted SOAP requests to the target system, a remote...
Avira Management Console Server HTTP Header Processing Heap Buffer Overflow
A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server...
Adobe Flash Player Security Bypass (APSB15-23: CVE-2015-5568)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Adobe Flash Player Heap Buffer Overflow (APSB15-23: CVE-2015-5587)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Security Bypass (APSB15-23: CVE-2015-5572)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
EMC AutoStart ftagent Opcode 85 Subcode 33 SQL Injection (CVE-2015-0538)
A remote SQL injection vulnerability exists in EMC AutoStart. The vulnerability is due to insufficient validation of remotely supplied data within the ftagent component. A remote unauthenticated attacker can leverage this vulnerability by sending malicious requests to the ftagent process...
ManageEngine OpManager AgentDetailsUtil agentKey SQL Injection
An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the agentKey parameter when processing requests sent to "com.manageengine.opmanager.servlet.AgentDetailsUtil". A remote attacker can exploit this vulnerability to inject and...
ManageEngine Multiple Products It360SPUtil resIds SQL Injection
An SQL injection vulnerability has been reported in ManageEngine Applications Manager and ManageEngine IT360 MSP Edition. This vulnerability is due to the insufficient validation of user-supplied input when processing requests sent to the It360SPUtil class. A remote, unauthenticated attacker can...
Adobe Flash Player Security Bypass (APSB15-23: CVE-2015-6679)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Adobe Flash Player Type Confusion (APSB15-23: CVE-2015-5573)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Buffer Overflow (APSB15-23: CVE-2015-6676)
A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5588)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB15-23: CVE-2015-5570)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Buffer Overflow (APSB15-23: CVE-2015-6678)
A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5567)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB15-23: CVE-2015-6682)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Memory Corruption (APSB15-23: CVE-2015-5574; CVE-2015-7644)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
IBM Lotus Domino BMP Parsing Integer Overflow (CVE-2015-1902)
An integer overflow vulnerability has been reported in IBM Lotus Domino. The vulnerability is due to improper bounds checking when parsing a BMP image with crafted dimensions. This could potentially lead to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this...
EMC AutoStart ftagent Opcode 83 Subcode 22 SQL Injection (CVE-2015-0538)
A remote SQL injection vulnerability exists in EMC AutoStart. The vulnerability is due to insufficient validation of remotely supplied data within the ftagent component. A remote unauthenticated attacker can leverage this vulnerability by sending malicious requests to the ftagent process...
Suspicious HTML Mail Phishing Attempt
Several mail phishing campaigns use malicious HTML files to lure victim users to send the attacker the username and password to their e-mail account...
WordPress Mobile Pack Information Disclosure (CVE-2014-5337)
An information disclosure vulnerability has been reported in WordPress Mobile Pack Plugin. Successful exploitation of this vulnerability would allow a remote attacker to read files with privileged information...
Bugzilla Mail Authentication Mechanism Bypass (CVE-2015-4499)
An authentication mechanism bypass vulnerability has been found in Bugzilla. Any unauthenticated remote attacker may leverage this vulnerability to gain access to database information regarding unpatched bugs, and exploit them to attack the affected pieces of software before security patches are...
reestr Root Directory Creation Mail Phishing Attempts
Mail phishing attempts including root directory creation has been discovered. By deceiving the system administrator to implant a backdoor an attacker may run arbitrary code on the affected web server...
Adobe Flash Player Use after Free Code Execution (APSB15-19: CVE-2015-5127)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Cisco Router SYNful Knock Implant HTTP Request
A router implant, known as SYNful Knock, has been reported in multiple Cisco routers. The implant might enable an attacker to modify the router's firmware and run arbitrary code, or use the router as a bot for further attacks...
Cisco Router SYNful Knock Implant TCP Activator
A router implant vulnerability, known as SYNful Knock has been reported in multiple Cisco routers . A successful exploitation might enable the attacker to modify the router's firmware, and thereby allow running arbitrary code, or using the server as a bot for further attacks...
Microsoft Outlook RTF Embedded Object Security Bypass (CVE-2004-0503)
A security bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to a lack of validation for certain OLE objects attached to RTF messages. A successful exploitation may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-locati...
Adobe Reader and Acrobat Corrupted Stream Denial of Service
Corruption found in encoded streams inside PDF files may cause Adobe Reader and Acrobat to fail to decode these streams, which might lead to a denial of service condition. An attacker could exploit this vulnerability by sending a malformed PDF file containing such corruption inside encoded stream...
Microsoft Office Malformed EPS File Remote Code Execution (MS15-099; CVE-2015-2545)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error while parsing a file containing a malformed graphics image. An attacker could exploit the vulnerability by constructing a specially crafted EPS file...
PHP Unserialize Function Use After Free
A use-after-free vulnerability has been reported in PHP when deserializing certain SPL objects . A remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. A successful attack could result in arbitrary code execution on the vulnerable server...
Microsoft Windows Journal Remote Code Execution (MS15-098: CVE-2015-2513)
A remote code execution vulnerability has been reported in Microsoft Windows Journal. The vulnerability is due to the way Windows Journal processes specially crafted jnt files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted jnt file...
Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2500)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Memory Corruption (MS15-099: CVE-2015-2520)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office does not properly handle objects in memory. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...
Microsoft Office Memory Corruption (MS15-99: CVE-2015-2523)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Elevation of Privilege (MS15-094: CVE-2015-2489)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2490)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows Graphics Component Denial of Service (MS15-097; CVE-2015-2510)
A denial of service vulnerability exists in Microsoft Windows Graphics Component. The vulnerability is due to an error while parsing certain files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...
Microsoft Office Memory Corruption (MS15-99: CVE-2015-2521)
A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted fi...
Microsoft Edge security bypass (MS15-094: CVE-2015-2484)
A tampering vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper misuse of the COM interface. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Edge...