13538 matches found
Microsoft Internet Explorer Memory Corruption (MS15-043: CVE-2015-1718)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Journal Remote Code Execution (MS15-045: CVE-2015-1696)
A remote code execution vulnerability has been reported in Microsoft Windows Journal. The vulnerability is due to the way Windows Journal processes specially crafted jnt files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted jnt file...
Attachmate Reflection FTP Client PWD Command Buffer Overflow (CVE-2014-5211)
A stack-based buffer overflow vulnerability exists in Attachmate Reflection FTP Client. The vulnerability is caused by insufficient boundary checking while processing PWD command responses. An attacker could exploit this vulnerability by enticing a user to access an FTP server that sends speciall...
Adobe Reader U3D array boundary code execution (APSB10-02: CVE-2009-3953)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
Adobe Flash Player Same Origin Policy Bypass (APSB14-21: CVE-2014-0548)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft .NET Framework Denial of Service (MS15-048: CVE-2015-1672)
A Denial of Service vulnerability has been reported in the Microsoft .Net Framework. The vulnerability is due to an error in the way that Microsoft .Net Framework handles XML documents with an invalid EncryptedData element. A remote attacker could exploit this vulnerability by sending specially...
ManageEngine Multiple Products Multiple Directory Traversal (CVE-2014-7866)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by uploading arbitrary files to...
Fortinet Single Sign On Hello Message Multiple Vulnerabilities - ver 2 (CVE-2015-2281)
Multiple Vulnerabilities exists in Fortinet Single Sign On FSSO. The vulnerabilities are due to a lack of adequate validation of user supplied input when processing HELLO messages. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a specially crafted HELLO message ...
IBM Tivoli Storage Manager FastBack Mount Opcode 0x09 Stack Buffer Overflow (CVE-2015-0119)
A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to insufficient input validation of opcode 0x09 messages before copying user-supplied data into a stack buffer. A remote unauthenticated attacker could exploit this...
GNU C Library glibc getanswer_r Buffer Overflow (CVE-2015-1781)
A code execution vulnerability exists in GNU C Library. The vulnerability is due to an error within the getanswerr function when handling DNS response resulting in a buffer overflow. A remote attacker can exploit this vulnerability by providing a specially-crafted DNS response to an application...
Novell ZENworks Configuration Management GetStoredResult.class SQL Injection (CVE-2015-0780)
An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of the input parameter in the GetReRequestData method of the GetStoredResult class before it is used in an SQL query. A remote attacker can exploit this vulnerability ...
ESF pfSense webgui deletefile Directory Traversal (CVE-2015-2295)
A directory traversal vulnerability has been reported in Electric Sheep Fencing pfSense firewall. This vulnerability is due to insufficient validation of the deletefile HTTP request parameter in "/systemfirmwarerestorefullbackup.php". By convincing an authenticated user to click on a crafted link...
RIG Exploit Kit Landing Page
RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
Novell ZENworks Configuration Management UploadServlet Directory Traversal (CVE-2015-0779)
A directory traversal vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's UploadServlet. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto th...
PHP Core unserialize process nested data Use After Free - ver 2 (CVE-2014-8142; CVE-2015-0231)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...
ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)
A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within module modcopy. Successful exploitation would result in arbitrary code execution on target system...
WordPress Overly Long Comment Cross-Site Scripting (CVE-2015-3440)
A cross-site scripting vulnerability has been reported in WordPress comment mechanism. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system, and possibly gain root privileges...
Microsoft ExchangeDLP Cross Site Scripting (MS15-026; CVE-2015-1629)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by modifying certain properties within Outlook Web App and...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0360)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted mp4 file...
Fortinet Single Sign On Hello Message Multiple Vulnerabilities (CVE-2015-2281)
Multiple Vulnerabilities exists in Fortinet Single Sign On FSSO. The vulnerabilities are due to a lack of adequate validation of user supplied input when processing HELLO messages. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a specially crafted HELLO message ...
Adobe Flash Player Use After Free Remote Code Execution (APSB15-06: CVE-2015-0351)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Microsoft Windows System CallBack Privilege Escalation (CVE-2015-1701)
A privilege escalation vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Adobe Flash Player ActionScript Object Remote Code Execution (APSB15-06: CVE-2015-3043)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a memory corruption in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a web page containing a specially crafted SWF file...
Unzip Extra Field Uncompressed Size Buffer Overflow (CVE-2014-9636)
A buffer overflow vulnerability exists in Info-ZIP UnZip tool. The vulnerability is due to insufficient bounds checking on user-supplied input while handling ZIP files. A remote unauthenticated attacker can exploit these vulnerabilities by enticing a target user to open a crafted ZIP archive with...
Lexmark Markvision Enterprise LibraryFileUploadServlet Directory Traversal (CVE-2014-9375)
A directory traversal vulnerability has been reported in Lexmark Markvision Enterprise. The vulnerability is due to insufficient input validation in LibraryFileUploadServlet when processing zip files. A remote, unauthenticated attacker could exploit this vulnerability by enticing the target user ...
OpenSSL ASN1_TYPE_cmp Denial of Service (CVE-2015-0286)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference error when an OpenSSL application receives and processes a crafted certificate...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-3042)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Security Bypass(APSB15-06: CVE-2015-3044)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Apache Qpid Sequence Set Denial of Service (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to way the Qpid daemon qpidd processes certain protocol sequences. A remote, unauthenticated attacker could exploit this vulnerability by sending a control or command assembly with malicious parameters. Successful...
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
A policy bypass vulnerability has been reported in Mozilla Firefox and SeaMonkey. The vulnerability is due to an issue with processing the derived trap has. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted webpage...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0358)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
SolarWinds Orion GetAccountGroups Multiple SQL Injections (CVE-2014-9566)
Multiple SQL injection vulnerabilities have been reported in SolarWinds products. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccountGroups. Remote attackers could exploit this vulnerability by sending HTTP requests with a crafted dir or sor...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0354)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MPEG-2 transport stream file. A remote attacker can exploit this issue and lead to code execution...
Max Ping Echo Reply Size
An attacker might send an echo reply with large data, trying to compromise the security of the victim's machine...
Adobe Flash Player Double Free (APSB15-06: CVE-2015-0359)
A code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF fil...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-3041)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-3038)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted swf file. A remote attacker can exploit this issue and lead to code execution...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0353)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MPEG-2 TS file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted MPEG-2 TS file...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0355)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MPEG-2 TS file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted MPEG-2 TS file...
Adobe Flash Player Memory Leakage (APSB15-06: CVE-2015-0357)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Type Confusion (APSB15-06: CVE-2015-0356)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Memory Leak (APSB15-06: CVE-2015-3040)
A memory leak vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Flash Player while handling specially crafted swf files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted swf...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0347)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Buffer Overflow (APSB15-06: CVE-2015-0348)
A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Use After Free Code Execution (APSB15-06: CVE-2015-0349; CVE-2015-3039)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Double Free (APSB15-06: CVE-2015-0346)
A double free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error caused by an attempt of handling specially crafted SWF files. Successful exploitation would allow an attacker to execute arbitrary code...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0350)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted JPEG-XR images. A remote attacker can exploit this issue and lead to code execution...
Adobe Flash Player Memory Corruption (APSB15-06: CVE-2015-0352)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted MP4 file...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1665)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...