13538 matches found
ManageEngine Applications Manager CommonAPIUtil SyncMonitors haid SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid parameter when processing requests using the SyncMonitors method of the CommonAPIUtil class. A remote attacker can exploit this vulnerability to inject and...
Oracle Java Spearphishing Email Remote Code Execution (CVE-2015-2590)
A remote code execution vulnerability has been reported in Oracle Java. The infection technique will include spearphishing attempt against the victim. A remote attacker may exploit this issue by enticing a target user to open a specially crafted file. Successful exploitation would allow an attack...
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)
A vulnerability has been detected in the way OpenSSL verifies certificate chains. An attacker may leverage this vulnerability to forge a valid certificate, even if its signing certificate is not recognized by a Certificate Authority CA...
Microsoft Office TaskSymbol Memory Corruption Remote Code Execution (MS15-070: CVE-2015-2424)
A memory corruption vulnerability has been identified in Microsoft Office. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the current user...
EMC AutoStart ftagent Remote Command Execution (CVE-2015-0538)
A remote command execution vulnerability exists in EMC AutoStart. The vulnerability is due to insecure communication between the ftagent processes on nodes of an AutoStart cluster. A remote unauthenticated attacker can leverage this vulnerability by sending malicious requests to the ftagent proce...
Adobe Flash Player Same Origin Policy Bypass (APSB15-16: CVE-2015-3116; CVE-2015-3115)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Suspicious Sender Address
Most mail transfer agents perform certain normalizations over mail headers, including the sender address. A non-normalized sender address may imply a non-standard mail transfer agent, which could indicate suspicious activity...
GnuTLS libtasn1 _asn1_extract_der_octet Memory Access Error (CVE-2015-3622)
A memory access error vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in asn1extractderoctet that causes libtasn1 to read beyond the allocated buffer when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability...
Arcserve Unified Data Protection Management getBackupPolicies Information Disclosure (CVE-2015-4069)
An information disclosure vulnerability exists in Arcserve Unified Data Protection UDP. This vulnerability exists in EdgeServiceImpl and is due to insufficient input validation of certain SOAP requests using the getBackupPolicies method. A remote unauthenticated attacker can exploit this...
Novell ZENworks Configuration Management schedule.ScheduleQuery SQL Injection (CVE-2015-0782)
An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of a request parameter in the run method of the ScheduleQuery class before using the parameter in SQL queries. A remote, unauthenticated attacker can exploit this...
Adobe Flash Player Security Bypass (APSB15-16: CVE-2015-3114)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles verification of cross domain policy files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Google Chrome blink buildShadowAndInstanceTree Use After Free (CVE-2015-1256)
A use-after-free vulnerability exists in Google Chrome, blink component. The vulnerability is due to error when building a shadow tree for a element with a direct reference to a disallowed element. A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2406)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Memory Corruption (MS15-070: CVE-2015-2379)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Windows OLE Elevation of Privilege (MS15-075: CVE-2015-2416)
An elevation of privilege vulnerability exists in Microsoft Object Linking and Embedding OLE technology. The vulnerability is caused when OLE objects are improperly handled in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2390)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Information Disclosure (MS15-065: CVE-2015-2412)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper validation of file paths. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2425)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel DLL Remote Code Execution (MS15-070; CVE-2015-2378)
A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to the way that Microsoft Excel improperly handles the loading of dynamic link library DLL files. An attacker could trigger this flaw by convincing a victim to load a malicious DLL file...
Microsoft Office Memory Corruption (MS15-070: CVE-2015-2415)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2383)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer ASLR Bypass (MS15-065: CVE-2015-2421)
A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Office Memory Corruption (MS15-070: CVE-2015-2376)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft DLL Planting Remote Code Execution (MS15-069: CVE-2015-2369)
A remote code execution vulnerability has been reported in Media Device Manager. The vulnerability is due to an error in the way Microsoft Windows improperly handles the loading of DLL files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2404)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2422)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2408)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft SQL Server Remote Code Execution (MS15-058; CVE-2015-1762)
A remote code execution vulnerability exists in Microsoft SQL Server. The vulnerability is caused when Microsoft SQL Server incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-1738)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player BitmapData Remote Code Execution (APSA15-04: CVE-2015-5123)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file. Successful...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-1767)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2397)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Information Disclosure (MS15-065: CVE-2015-2402)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in validation of registry key locations. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Windows Remote Desktop Protocol Code Execution (MS15-067: CVE-2015-2373)
A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP. The vulnerability is due to an error in the way that the Remote Desktop Protocol RDP service handles packets. A remote attacker may exploit this issue by sending a sequence of specially crafted RDP...
Microsoft Office Memory Corruption (MS15-070: CVE-2015-2380)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Jscript9 Memory Corruption (MS15-065: CVE-2015-2419)
A remote code execution vulnerability exists in the way that the JScript engine, when rendered in Internet Explorer, handles objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer...
Microsoft Windows OLE Elevation of Privilege (MS15-075: CVE-2015-2417)
Elevation of privilege vulnerabilities exists in Microsoft Object Linking and Embedding OLE technology. The vulnerability is caused when OLE objects are improperly handled in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Office Memory Corruption (MS15-070: CVE-2015-2377)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Information Disclosure (MS15-065: CVE-2015-2413)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2372)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2389)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-1733)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel ASLR Bypass (MS15-070; CVE-2015-2375)
A security feature bypass vulnerability exists in Microsoft Excel. The vulnerability is caused when memory is released in an unintended manner. A remote attacker can exploit this issue by enticing a target user to open a specially crafted Excel file...
Microsoft Internet Explorer Cross-domain Information Disclosure (MS15-065: CVE-2015-1729)
An Information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper enforcement of cross-domain policies. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Interne...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2411)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2391)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in parsing maliciously formed metadata. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affected version of Intern...
Microsoft Windows Graphics Component Elevation of Privilege (MS15-072; CVE-2015-2364)
An elevation of privilege vulnerability exists in Windows Graphics Component. The vulnerability is due to an error in the way Windows Graphics component improperly process bitmap conversions. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted file in a...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2388)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2401)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the groupId parameter when processing requests using the getMGList method of the CommonAPIUtil class...