13538 matches found
Schneider Electric VAMPSET COMTRADE Records Buffer Overflow (CVE-2014-8390)
A heap buffer overflow vulnerability exists in Schneider Electric VAMPSET software. The vulnerability is due to improper processing of specific parameters within CFG and DAT files of a COMTRADE record. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim to ope...
Visual Mining NetCharts Server projectContents.jsp File Rename Denial of Service (CVE-2015-4032)
A denial of service condition vulnerability has been reported in Visual Mining NetCharts Server projectContents.jsp page. The vulnerability is due to arbitrary directory traversal when renaming a file. A remote attacker can exploit this vulnerability to create a denial of service condition...
Microsoft Internet Explorer CTxtPtr Memory Access Error
An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability is due to a read out of boundary when handling CTxtPtr::InsertRange objects. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case o...
OpenLDAP slapd Deref Overlay Null Pointer Dereference (CVE-2015-1545)
A denial of service vulnerability exists in OpenLDAP. The vulnerability is due to NULL pointer dereference in the Deref overlay of slapd when certain LDAP request messages are processed. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the...
Google Chrome XSSAuditor Policy ByPass
A policy bypass vulnerability exists in Google Chrome. The vulnerability is due to improper handling of script tags within svg tags. A remote attacker can exploit this vulnerability by enticing a user to follow a crafted URL. Successful exploitation will result in bypassing the XSSAuditor feature...
LANDesk Management Suite Remote File Inclusion (CVE-2014-5362)
A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in the HTTP path. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a malicious parameter...
Microsoft ASP.NET Information Disclosure (MS15-041) - ver 2 (CVE-2015-1648)
An information disclosure vulnerability exists in Microsoft .NET Framework. The vulnerability is due to improper requests sanitization on servers with error messages disabled. A remote attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server...
Adobe Flash opaqueBackground Use After Free (APSA15-04: CVE-2015-5122)
A use after free vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles the opaqueBackground property setter of the DisplayObject class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable...
Visual Mining NetCharts Server saveFile.jsp Page Directory Traversal (CVE-2015-4031)
An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to lack of sanitization on a remotely supplied parameter within the saveFile.jsp page. A remote attacker can exploit this vulnerability to execute arbitrary code with SYSTEM...
WebGate Multiple Products WESPSerialPortCtrl Buffer Overflow (CVE-2015-2097)
A buffer overflow vulnerability exists in WebGate Multiple Products. The vulnerability is due to insufficient input validation of the length of the parameters passed to the Connect method of WESPSerialPort.WESPSerialPortCtrl.1. A remote attacker could exploit this vulnerability by enticing a user...
Microsoft Windows Font Glyphs Kernel Code Injection (MS15-077; CVE-2015-2387)
A flaw was found in the way Microsoft ATMFD.DLL component handles specially crafted fonts. Successful exploitation of this vulnerability might result in invalid memory access, allowing kernel code injection...
Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)
A vulnerability exists within Adobe Flash Player ActionScript 3 ByteArray class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system...
WordPress MailChimp Subscribe Forms PHP Code Execution
A PHP code execution vulnerability has been reported in Wordpress plugin MailChimp Subscribe Forms. The vulnerability is due to insufficient validation of user-controlled email address when handling subscribe requests. An unauthenticated remote attacker can exploit this vulnerability by sending a...
IBM Tivoli Storage Manager FastBack Mount vault Stack Buffer Overflow (CVE-2015-1896)
A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to improper bounds checking by the FastBackMount process. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests. Successful exploitati...
Panasonic Security API SDK Iprosapi ActiveX Control Buffer Overflow (CVE-2015-4647)
A buffer overflow vulnerability exists in the Ipropsapi ActiveX Control component of the Panasonic Security API SDK. The vulnerability is due to an error when processing the FilePassword property. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted...
TLS DHE_EXPORT Information Disclosure (MS15-055; CVE-2015-1716; CVE-2015-4000)
An information disclosure vulnerability exists in multiple implementations of TLS 1.2 and earlier, when Ephemeral Diffie-Hellman cipher suites including their EXPORT versions are used. It is possible to downgrade a DHE cipher to a DHEEXPORT cipher, which can be broken, and thereby perform a...
Beta (Sundown) Exploit Kit Landing Page
Beta exploit kit, a.k.a. Sundown exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Beta exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perfor...
Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)
An elevation-of-privilege vulnerability has been reported in the Apple CUPS. The vulnerability is due to improper processing of print-job or create-job requests sent to cupsd. A remote, unauthenticated attacker can send a specially crafted localized strings to cause the 'admin/conf' and 'admin'...
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
A code execution vulnerability exists in PHP's ftpgenlist method. The vulnerability is due to lack of integer overflow detection when calculating the size of the response to the FTP LIST command. A remote attacker can exploit the vulnerability by hosting an FTP server and sending crafted ata to a...
IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow (CVE-2015-0120)
A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to insufficient input validation of parameters to the CRYPTOSEncryptBufferToBuffer function. A remote unauthenticated attacker could exploit this vulnerability by sending crafted...
PHP Multipart Remote Denial of Service (CVE-2015-4024)
A denial-of-service vulnerability has been reported in the way PHP handles HTTP requests. A remote attacker could exploit this vulnerability using a specially crafted HTTP request, and cause a denial of service condition on the affected system...
Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow (CVE-2015-0786)
A stack buffer overflow vulnerability exists in the PreBoot Policy Service of Novell ZENworks Configuration Management. The vulnerability is due to a boundary error in the logging functionality. Remote, unauthenticated attackers could exploit this vulnerability by sending crafted packets to the...
ESET NOD32 Anti-Virus Emulation Remote Code Execution
A Remote Code Execution vulnerability has been reported in ESET's NOD32 Anti-Virus products. A successful exploitation of this vulnerability can allow code execution with the privileges of the affected product...
ManageEngine EventLog Analyzer Cross Site Request Forgery
A cross site request forgery vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to insufficient input validation of parameters sent to event/userManagementForm.do. By convincing a user to follow a malicious link, a remote attacker can exploit this vulnerability to...
Suspicious Hyperlink Mail Phishing Attempt
A common method for Phishing, used in malspam campaigns, is the use of hyperlinks inside such a seemingly valid entity, in order to direct the victim into a designated website controlled by the attacker or in order to make the user download malware such as Hancitor/Pony...
Suspicious PDF Comment Field
This protection detects suspicious content inside the comment field in PDF files...
VMware JPEG2000 Stack Overflow (CVE-2015-2336)
A stack overflow vulnerability has been reported in multiple VMWare products, including VMware Workstation, Player, and Fusion, when processing JPEG2000 JPX files. A remote attacker can exploit this vulnerability to cause a denial of service condition or code execution on the host system...
HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)
A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...
Adobe Flash Player Heap Buffer Overflow (APSB15-14: CVE-2015-3113; CVE-2015-4432; CVE-2015-5118)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Novell ZENworks Configuration Management Session ID Information Disclosure (CVE-2015-0784)
An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to exposure of insecure functionality within Rtrlet.class. A remote unauthenticated attacker can leverage this vulnerability to disclosure Session IDs of the logged in users which...
PDF Containing Unsupported Filter
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader when handling PDF files that contain an unsupported filter. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file...
PDF Containing Multiple Filters
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader when handling PDF files that contain multiple filters. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file...
LANDesk Management Suite AMTVersion Cross-Site Scripting (CVE-2014-5360)
A cross-site scripting vulnerability exists in LANDesk Management Suite. The vulnerability is due to improper validation of a user-supplied parameter AMTVersion. A remote attacker could exploit this vulnerability by enticing a target user to view crafted web content...
Shodan Scanner SIP Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Shodan Scanner ISAKMP Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Shodan Scanner GTP Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Shodan Scanner BACNET Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Shodan Scanner ENIP Request
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
SAP NetWeaver Portal ConfigServlet Remote Command Execution
A remote command execution vulnerability has been reported in SAP NetWeaver. The vulnerability is due to insufficient validation in SAP ConfigServlet handling of incoming GET requests. By sending a specially-crafted GET request, an attacker could exploit this vulnerability to inject and execute...
Adobe Flash Player custom pageDomain (APSB15-11: CVE-2015-3102)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
OsCommerce Configuration SQL Injection Attempt
An SQL injection vulnerability has been reported in OsCommerce Online Merchant. Successful exploitation of this vulnerability would allow a remote attacker to modify and pull confidential database information...
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
...
Oracle Java SE Ligature Substitution Glyph Storage Out Of Bounds Memory Access (CVE-2015-0469)
An out of bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to an issue with insufficient validation of an index value prior to array access. This can lead to an off by one condition in the glyphStorage heap array object. A remote unauthenticated...
Adobe Flash Player Memory Leak (APSB15-11: CVE-2015-3108)
A memory leak vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Flash Player while handling specially crafted swf files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted swf...
OsCommerce Cross-Site Request Forgery Administrator Creation
A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to create administrator users on the affected system...
OsCommerce Mail Cross-Site Scripting Attempt
A cross-site scripting vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to inject web script into the affected system...
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1730)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
OsCommerce Configuration Cross-Site Scripting
A cross-site scripting vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to inject web script into the affected system...
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1736)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1753)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...