13538 matches found
OpenSSL ClientHello signature_algorithms Extension Denial of Service (CVE-2015-0291)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference when an OpenSSL server application, during renegotiation, receives and processes an invalid signaturealgorithms extension in a Client Hello handshake message. A remote, unauthenticated...
Microsoft Internet Explorer Memory Corruption (MS15-032 : CVE-2015-1661)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1667)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to A flaw in Internet Explorer in which a CMapStringToPtr object is written to after being released. A remote attacker can exploit this issue by enticing a victim to view a specially...
Microsoft Windows HTTP.sys Remote Code Execution (MS15-034: CVE-2015-1635)
A remote code execution vulnerability has been reported in Windows OS. The vulnerability is due to an error in the way HTTP.sys handles a malicious HTTP header. Successful exploitation would result in a remote code execution...
Microsoft Office Component Use After Free (MS15-033: CVE-2015-1650)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)
A cross-site scripting vulnerability has been reported in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the zone variable in the statuscaptiveportal page. A remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user...
Microsoft SharePoint Cross-site Scripting (MS15-036; CVE-2015-1653)
An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...
Microsoft XML Core Services (MSXML) (MS15-039: CVE-2015-1646)
A security feature bypass vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to a flaw that allows external entities in XML documents to be expanded into different-origin web site contents or local file contents. A remote attacker can exploit this issue...
Microsoft Office Memory Corruption (MS15-033: CVE-2015-1641)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1668)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows MS-DOS Device Name Elevation of Privilege (MS15-038; CVE-2015-1644)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Microsoft Windows fails to properly validate and enforce impersonation levels. A remote attacker can exploit this issue by logging on to the system and running a specially crafted application...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1657)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Component Use After Free (MS15-033: CVE-2015-1649)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is triggered when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
HTTP Suspicious SMB Redirection
A vulnerability has been discovered in the way numerous Windows-based applications follow HTTP redirection messages. By enticing a user to connect to a malicious Web server or by using Man in the Middle techniques, an attacker might cause a vulnerable application to initiate an SMB connection to ...
PHP Group PHP ZIP Integer Overflow (CVE-2015-2331)
A heap buffer overflow vulnerability exists in PHP. The vulnerability is due to an integer overflow in the libzip component of PHP. A remote attacker can exploit this vulnerability by sending a crafted ZIP archive to a web application running a vulnerable version of PHP. A successful attack can...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1660)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft ASP.NET Information Disclosure (MS15-041; CVE-2015-1648)
An information disclosure vulnerability exists in Microsoft .NET Framework. The vulnerability is due to improper requests sanitization on servers with error messages disabled. A remote attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1659)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Component Use After Free (MS15-033: CVE-2015-1651)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is triggered when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1666)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1652)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows EMF Processing Remote Code Execution (MS15-035; CVE-2015-1645)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly processes specially crafted Enhanced Metafile EMF image format files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted EMF...
PHP Web Shells Malicious Known Variables
There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
Microsys Promotic PmBase64Decode Buffer Overflow (CVE-2014-9205)
A stack-based buffer overflow vulnerability exists in Microsys's Promotic. The vulnerability is due to an insufficient boundary check on user-supplied data in the PmBase64Decode function. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted base64...
Multiple SolarWinds Orion GetAccounts SQL Injections (CVE-2014-9566)
Multiple SQL injection vulnerabilities have been reported in SolarWinds products. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccounts. Remote attackers could exploit this vulnerability by sending HTTP requests with a crafted dir or sort...
Linux Kernel SCTP Chunk Parameter Padding Denial of Service (CVE-2014-3673)
A denial of service vulnerability has been reported in the SCTP networking module of the Linux kernel. The vulnerability is due to an error while processing crafted chunks. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A...
DIY CMS 1.0 Poll - Multiple Vulnerabilities (CVE-2012-6518)
Multiple web vulnerabilities were discovered in DIY v1.0 Content Management System. The vulnerabilities are due to improper input validation within several methods. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary SQL commands which can result in the...
WebGate Multiple Products WESPMonitor Stack Buffer Overflow (CVE-2015-2097)
A stack buffer overflow vulnerability exists in multiple products of WebGate. The vulnerability is due to insufficient boundary checks when processing parameters of methods LoadImage and LoadImageEx of the WESPMONITORLib.WESPMonitorCtrl ActiveX control. A remote attacker could exploit this...
VSFTPD Invalid User Name Code Execution
An attacker might use a malicious backdoor that was added to the VSFTPD download archive. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
SolarWinds Server and Application Monitor loadExtensionFactory Stack Buffer Overflow (CVE-2015-1500)
A stack buffer overflow vulnerability exists in SolarWinds Server and Application Monitor. The vulnerability is due to insufficient validation in loadExtensionFactory method of a 'factory' object. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a...
Apache Qpid Session.gap Denial of Service - ver 2 (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
HP Point of Sale OPOS Driver OPOSPOSKeyboard.ocx Open Method Buffer Overflow (CVE-2014-7891)
A buffer overflow vulnerability exists in the OPOSPOSKeyboard.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user controller data to the Open method.A remote, unauthenticated attacker can exploit this vulnerability by...
SolarWinds Server and Application Monitor loadExtensionFactory Code Execution (CVE-2015-1501)
A code execution vulnerability exists in SolarWind Server and Application Monitor. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a malicious website. Successful exploitation could allow arbitrary code execution within security context of the...
Apache Qpid Session.gap Denial of Service (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
WordPress Download Manager Plugin Privilege Escalation (CVE-2014-9260)
A privilege escalation vulnerability has been found in WordPress Download Manager Plugin. An authenticated remote attacker may leverage this vulnerability to gain administrative access to the vulnerable server...
ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560)
An access control weakness vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to design error in limiting the admin's password reset functionality to authorized admin users only. This allows any remote unauthenticated users to access the administrative control panel of...
Eclipse Foundation Jetty Web Server HttpParser Remote Information Disclosure (CVE-2015-2080)
An information disclosure vulnerability exists in Eclipse Foundation Jetty Web Server. The vulnerability is due to improper parsing of HTTP requests that can lead to information disclosure via HTTP responses from the server. A remote attacker can exploit this vulnerability by sending HTTP request...
Bull-Dosa Denial of Service Tool
Bull-Dosa is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple packets that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be enforced by...
Torshammer Denial of Service Tool
Torshammer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
DarkMagic Flooder Denial of Service Tool
DarkMagic Flooder is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple packets that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be...
PHP DateTimeZone Object timezone Unserialize Type Confusion
A code execution vulnerability has been reported in PHP. The vulnerability is due to a type confusion error when handling serialized DateTimeZone objects within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application runnin...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0031)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass (CVE-2015-2284)
A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this...
HP Point of Sale OPOS Driver opostoneindicator.ocx Open Method Stack Buffer Overflow (CVE-2014-7890)
A buffer overflow vulnerability exists in the opostoneindicator.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user supplied parameter value to the Open method. A remote, unauthenticated attacker can exploit this...
Oracle Data Quality LoaderWizard DataPreview Type Confusion (CVE-2015-0446)
A remote code execution vulnerability has been reported in Oracle Data Quality LoaderWizard DataPreview method contained in the TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to type confusion when handling data passed to it. A remote attacker can exploit this vulnerability b...
Samsung iPOLiS Device Manager WriteConfigValue Stack Buffer Overflow (CVE-2015-0555)
A stack-based buffer overflow vulnerability exists in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation of a parameter passed to WriteConfigValue of the XnsSdkDeviceIpInstaller ActiveX control. A remote attacker can exploit this vulnerability by enticing a...
Schneider Electric Pelco DS-NVs Rvctl.RVControl Buffer Overflow (CVE-2015-0982)
A buffer overflow vulnerability exists in Schneider Electric Pelco DS-NV Software package. The vulnerability is due to insufficient input validation on a user-supplied input in the SetText method before it is copied into a fixed length buffer on stack. A remote unauthenticated attacker can exploi...
Microsoft PowerPoint Malformed Record Code Execution (MS06-058; CVE-2006-4694)
Microsoft PowerPoint is a popular presentation application that is usually released as part of the Microsoft Office suite. The application can create complex presentations using graphics, video and sound. The common extension used for Microsoft PowerPoint documents is .ppt. There exists a memory...
Knet Web Server HTTP Request Denial of Service - Ver2 (CVE-2005-0575)
A denial-of-service vulnerability has been reported in Stormy Studios Knet. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Apple Mac OS X Multiple Vulnerabilities - Ver2 (CVE-2013-5135)
Multiple Vulnerabilities exist in Apple Mac OS X. A remote attacker could exploit these vulnerabilities by executing arbitrary code, disclosing information, creating denial of service or bypassing policies on a vulnerable system...