13538 matches found
Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3090)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted swf file. A remote attacker can exploit this issue and lead to code execution...
Web Clients HTTP URL DOM Entity Cross-Site Scripting
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
Web Clients HTTP URL HTML Entity Cross-Site Scripting
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
Web Clients HTTP URL Escape Sequence Cross-Site Scripting
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
Web Clients HTTP URL Redirect Cross-Site Scripting
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
DNS Tunneling
DNS Tunneling is used to pass non-DNS information using DNS messages, which are normally allowed by security devices. Malicious users or malware may use DNS tunnels to bypass inspection by the security gateway. This protection is only applicable for IPS gateway version R77.30 and above. See...
Adobe Acrobat And Reader JavaScript API code execution (APSB15-10: CVE-2015-3074)
A Restrictions Bypass Privileged JavaScript API Execution Vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the use of trusted function which provides certain privileges that allows overwriting objects. A remote attacker can exploit this vulnerability by enticing the...
Web Clients HTTP URL JavaScript Function Cross-Site Scripting (CVE-2015-1159; CVE-2015-6099; CVE-2015-6972; CVE-2017-0068)
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
Adobe Reader and Acrobat Memory Leak (APSB15-10: CVE-2015-3058)
A memory leak vulnerability has been reported in Adobe Reader. The vulnerability is due to an error in Adobe Reader while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted PDF file...
Adobe Acrobat And Reader Use-After-Free (APSB15-10: CVE-2015-3075)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3070)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Suspicious Link Redirection Mail Phishing Attempt
Several mail phishing campaigns use embedded redirection links to lure the victim user to download malicious files...
Non Compliant UUencoded SMTP
Unexpected characters in UUencoded SMTP data which cannot be decoded might indicate an attempt to attack the mail server...
Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3069)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...
Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3064; CVE-2015-3061; CVE-2015-3063)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...
Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3062; CVE-2015-3060)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...
Adobe Acrobat And Reader Use-After-Free (APSB15-10: CVE-2015-3059)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitatio...
TEST title this is test
...
Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3057)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected versio...
Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008; CVE-2015-3455)
A policy bypass vulnerability exists in multiple products. The vulnerability is due to incorrectly validating the common name in a certificate. It can be exploited by using a NULL character after the portion of the common name that the product expects. By exploiting this vulnerability, a remote...
Adobe Flash Player Domain Policy Bypass (APSB15-10: CVE-2015-3079)
Adobe Flash Player is vulnerable to a cross domain policy bypass. If the victim opens a maliciously crafted file using certain URL schemes, the file could cause a privilege escalation and allow unlimited cross-domain access...
WordPress Broken Link Checker Plugin Cross-Site Scripting
A cross-site scripting vulnerability has been reported in WordPress Broken Link Checker plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress Download Manager Plugin Information Disclosure
An information disclosure vulnerability has been reported in WordPress Download Manager plugin. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to information disclosure...
Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3056)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected versio...
Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3078)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted mp4 file...
Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3050)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)
A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
ACE Files
ACE is a data compression format used for archiving, which consists of blocks of various types and sizes. An attacker may use the compressed ACE format in order to bypass inspection by network security devices, which will not be able to inspect the original content that is being transferred...
Multiple AntiVirus Products ZIP File Scan Evasion Security Bypass - Ver2 (CVE-2012-1462)
A security bypass vulnerability has been reported in multiple products. An attacker could exploit this vulnerability via a ZIP file containing an invalid block of data at the beginning. Successful exploitation of this vulnerability would allow remote attackers to bypass malware protection and...
Adobe Acrobat PDF File Array Type Error Memory Corruption (APSB12-16) - Ver2 (CVE-2012-4147)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to memory corruption while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file with an affected versi...
Microsoft .NET Framework Entity Expansion Denial of Service (MS13-082) - Ver2 (CVE-2013-3860)
A denial of service vulnerability exists in the .NET Framework. The vulnerability is caused when the .NET Framework attempts to parse a specially crafted document type definition DTD for XML data when an XML digital signature is validated. An attacker who successfully exploited this vulnerability...
Norton Internet Security NBNS Response Processing Stack Overflow - Ver2 (CVE-2004-0444)
Norton Internet Security is a security solution produced by Symantec corporation. If the Firewall component allows traffic on port 137/UDP, this traffic will be parsed as NetBIOS Name Service messages. There exists a vulnerability in the Symantec Firewall product line. A specially crafted NetBIOS...
Oracle Secure Backup Administration property_box.php Command Injection - Ver2 (CVE-2010-0899)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allows for single point of management of data present on network attached storage NAS devices and distributed hosts which may have different operating systems. The data in transit is kept secure ...
Microsoft Windows NT 4.0 DHCP Server Request Buffer Overflow attack - Ver2 (CVE-2004-0900)
A buffer overflow vulnerability has been reported in Microsoft Windows NT. An attacker could exploit this vulnerability via a malformed DHCP message. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application...
Novell GroupWise Internet Agent iCalendar Parsing Denial of Service - Ver2 (CVE-2011-3827)
A denial-of-service vulnerability has been reported in Novell GroupWise Internet Agent. The vulnerability is due to insufficient validation of certain data when parsing a received iCalendar message. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted...
Microsoft Windows AVI File Data Validation Integer Overflow (MS09-038) - Ver2 (CVE-2009-1546)
Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF.This file type used with applications that capture, edit, and play back audio-video sequences. The vulnerability is due to an error in the Windows component responsible for processing AVI files that does not...
Microsoft Visual Studio WMI Object Code Execution (MS06-073) - Ver2 (CVE-2006-4704)
A remote code execution vulnerability exists in Microsoft Visual Studio 2005. Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications,...
HP Intelligent Management Center img Buffer Overflow - Ver2 (CVE-2011-1848)
HP Intelligent Management Center IMC is a stand-alone, comprehensive management platform developed by HP that delivers integrated and modular network management capabilities. IMC Enterprise Edition is designed on a service-oriented architecture SOA using a business application flow model as the...
Microsoft Internet Explorer Memory Corruption (MS13-088: CVE-2013-3871) - Ver2
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Cisco Secure ACS EAPTLS Authentication Bypass - Ver2 (CVE-2004-1099)
An authentication bypass vulnerability has been reported in Cisco Secure Access Control Server Solution Engine, Cisco Secure ACS Solution Engine and Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized...
Adobe Shockwave Player Chunk Parsing Out of Bounds (APSB12-13) - Ver2 (CVE-2012-2031)
A remote code execution vulnerability has been reported in Adobe Shockwave player. The vulnerability is due to a memory corruption error while parsing crafted data in an rcsL chunk within a DIR media file. A remote attacker can exploit this issue by enticing a target user to open a specially...
Microsoft Office Graphics Image Filter WPG Heap Overflow - Ver2 (CVE-2008-3460)
A buffer overflow vulnerability has been reported in Microsoft Works, Microsoft Office Converter Pack and Microsoft Office. An attacker could exploit this vulnerability via a crafted WPG file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...
Linksys WRH54G HTTP Management Interface DoS Code Execution - Ver2 (CVE-2008-2636)
A code execution vulnerability has been reported in Cisco Linksys Wrh54g Router. An attacker could exploit this vulnerability via a URI that begins with a ". Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Excel File Format Code Execution (MS12-030) - Ver2 (CVE-2012-0141)
A remote code execution vulnerability has been reported in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel handles memory when opening specially crafted Excel files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted Exc...
Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)
Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...
PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)
A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...
Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052) - Ver2 (CVE-2008-3014)
Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap information. A remote code execution vulnerability has been discovered in the way GDI+ allocates memory for WMF image files. The vulnerability is d...
Microsoft PowerPoint OfficeArt Atom Remote Code Execution (MS11-022) - Ver2 (CVE-2011-0976)
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability...
Novell CASA PAM Module Stack Buffer Overflow - Ver2 (CVE-2006-0736)
A buffer overflow vulnerability has been reported in Novell's CASA. The vulnerability is due to a boundary error in the CASA PAM handler 'pammicasa' authentication module. A remote attacker can exploit this vulnerability by gaining root access to any machine with CASA installed...
ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution - Ver2 (CVE-2011-4535)
A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer. The vulnerability is due to a boundary check error. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ZIP archive file with the affected product. Successful...