13538 matches found
MySQL yaSSL Certificate Packet Stack Overflow - Ver2 (CVE-2009-4484)
A buffer overflow vulnerability has been reported in MySQL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Microsoft Internet Explorer EUC-JP Character Encoding Cross Site Scripting - Ver2 (CVE-2013-3192)
A universal cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that IE handles EUC-JP character encoding. A remote attacker could exploit this vulnerability by submitting specially crafted HTML code into a target web site that uses EUC-JP...
ISC BIND EDNS Option Processing Denial of Service - Ver2 (CVE-2014-3859)
A denial of service vulnerability has been reported in ISC BIND. The vulnerability is caused by an assertion failure when processing the EDNS option. A remote attacker may exploit this vulnerability by sending a specially crafted query to the affected servers. Successful exploitation would result...
SOAPUI Remote Code Execution - Ver2 (CVE-2014-1202)
A code execution vulnerability has been reported in Eviware SoapUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow - Ver2 (CVE-2010-3974)
A heap buffer overflow vulnerability has been discovered in Microsoft Windows Fax Services. The Windows Fax Service is a component that allows a Windows system to act as a Fax server. One of the tools within this fax suite is the Fax Console, which allows a user to monitor the sending and receivi...
Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038) - Ver2 (CVE-2009-1545)
Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...
Apple Safari KWQListIteratorImpl HTML Tag Handling DoS - Ver2 (CVE-2006-1986)
A denial-of-service vulnerability has been reported in Apple Safari. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Ultra Mini HTTPD Resource Name Request Handling Stack Buffer Overflow - Ver2 (CVE-2013-5019)
A buffer overflow vulnerability has been reported in Vector Ultra Mini HTTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Internet Explorer HTML Help Remote Code Execution (MS05-001) - Ver2 (CVE-2004-1043)
Microsoft Internet Explorer executes with the concept of security zones, which enables the browser to apply different security policies based on the origin of the file that is being rendered. For instance, separate restrictions may be set for remote content and for local content. As a rule,...
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
Zavio IP Camera Firmware 1603 OS Command Injection - Ver2 (CVE-2013-2570)
A command injection vulnerability has been reported in Zavio F3105 and F312A IP cameras. The vulnerability is due to an input passed via the 'General.Time.NTP.Server' function, when parameter is not properly sanitized upon submission to the subC8C8 function in /opt/cgi/view/param. Successful...
Internet Explorer DHTML Object Memory Corruption (MS05-020) - Ver2 (CVE-2005-0553)
The Microsoft Internet Explorer application is primarily used for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. This application has a built in functionality to interpret JavaScript and VBScript code. It is also capable of using the Document...
Lotus Notes URI Handler Argument Injection - Ver2 (CVE-2004-0480)
A code execution vulnerability has been reported in IBM Lotus Notes. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Dnsmasq Malicious BLKSIZE Option NULL Dereference Denial of Service (CVE-2009-2958)
A denial-of-service vulnerability has been reported in Thekelleys Dnsmasq. The vulnerability is due to a NULL pointer dereference in the tftprequest function inside src/ftpd.c. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on t...
PHP Exif Header Parsing Integer Overflow - Ver2 (CVE-2011-4566)
An integer overflow vulnerability has been reported in PHP. The vulnerability is due to lack of EXIF data validation. A Remote attacker could exploit this vulnerability by uploading a specially crafted image to the target server. Successful exploitation could result in sensitive information...
Microsoft Windows Task Scheduler Buffer Overflow attack - Ver2 (CVE-2004-0212)
A buffer overflow vulnerability has been reported in Microsoft Windows. A remote attacker can cause arbitrary code execution resulting in a loss of integrity using a specially crafted .job file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code ...
Oracle GlassFish Server Administration Console Authentication Bypass - Ver2 (CVE-2011-1511)
An authentication bypass vulnerability has been reported in the administration console of Oracle GlassFish. The vulnerability is due to an error while processing HTTP TRACE requests. A remote attacker can exploit this vulnerability by sending a crafted TRACE request to the target. Successful...
Interactive Data eSignal Listener Buffer Overflow - Ver2 (CVE-2004-1868)
eSignal is a real-time market data and support tool provided by Interactive Data Corporation. The product supplies financial market data and more for traders over the internet. To facilitate the receipt of incoming data, eSignal opens a local, listening socket on TCP Port 80. There exists a buffe...
Microsoft Word RTF Object Parsing Memory Corruption (MS08-072) - Ver2 (CVE-2008-4030)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032) - Ver2 (CVE-2004-0209)
The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...
Internet Explorer Malformed GIF File Double Free (MS04-025) - Ver2 (CVE-2003-1048)
The Graphics Interchange Format GIF defines a file format intended for the on-line transmission and interchange of raster graphic data. It uses the LZW compression algorithm to minimize file sizes. A double free vulnerability exists in the way Microsoft Internet Explorer handles images of the GIF...
Microsoft HSC URL RemoteCodeExecution (MS04-011) - Ver2 (CVE-2003-0907)
A vulnerability exist in the way Help and Support Center HSC validates URLs with the scheme hcp://. There is a vulnerability in the way the Microsoft Help and Support Center processes URL strings. The vulnerability could be exploited to run malicious JavaScript code in the security context of "My...
Adobe Flash Player Cross Domain Policy Bypass (APSB15-05: CVE-2015-0340)
Adobe Flash Player is vulnerable to a cross domain policy bypass. If a maliciously crafted file is opened on the target computer, it could initiate a file upload without a user initiated action and to another domain without verifying the cross domain policy...
Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...
Domain Name Fake SSL Certificate
A vulnerability has been discovered in the way Microsoft Windows handles digital certificates. The vulnerability is due to an improperly issued SSL certificate for the domain “live.ly”. Successful exploitation could allow a remote attacker to perform a man-in-the-middle attack on the remote host...
Adobe Flash Player Use After Free Remote Code Execution (APSB15-05: CVE-2015-0341)
A Use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error while handling nested objects in the swf file. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted swf file, that can lead to execute...
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0337)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Integer Overflow Remote Code Execution (APSB15-05: CVE-2015-0338)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a design flaw that could lead to integer overflow. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0333)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0339)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0332)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue and lead to code execution...
Adobe Flash Player Type Confusion Code Execution (APSB15-05: CVE-2015-0334)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...
Microsoft PowerPoint Malformed Record Code Execution (MS06-058) - ver 2 (CVE-2006-4694)
A memory corruption vulnerability has been reported in Microsoft PowerPoint. The flaw is caused by an insufficient checks of a malformed record contained within a PowerPoint file. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the...
Shodan.io Internet Of Things Portal
Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...
Acunetix Web Scanner
Acunetix is a vulnerability scanning product. Remote attackers can use Acunetix to detect vulnerabilities on a target server...
Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)
A security bypass vulnerability has been reported in Mozilla Firefox browser. The vulnerability is due to a weakness in the WebRTC protocol. The vulnerability can be exploited through the use of a man-in-the-middle attack. Successful exploitation would allow attackers to decrypt online traffic...
Masscan Port Scanner
Masscan is a port scanning product. Use of this product might indicate an attempt to collect data regarding the target network, and use it for future attacks...
HappyMall E-Commerce Software Member_HTML.CGI Command Execution (CVE-2003-0243)
A command Execution Vulnerability has been reported in HappyMall E-Commerce Software. The vulnerability is due to improper filtering of the normalhtml.cgi / memberhtml.cgi scripts, while passing pipe and semi-colon characters in the URL. A remote attacker can create a specially crafted URL to cau...
AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
Jays Shell Booter Denial of Service Tool
Jays Shell Booter is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot b...
FireFlood Denial of Service Tool
FireFlood is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be enforc...
WordPress Contact Form DB Plugin Cross-Site Scripting (CVE-2015-2040)
A cross-site scripting vulnerability has been reported in WordPress Contact Form DB Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
JavaScript String Inflation Evasion
An attacker might utilize various evasion technique in order to evade detection by IPS devices...
JavaScript String Dissection Evasion
An attacker might utilize various evasion technique in order to evade detection by IPS devices...
JavaScript String Reversal Evasion
An attacker might utilize various evasion technique in order to evade detection by IPS devices...
JavaScript Data Encoding Evasion
An attacker might utilize various evasion technique in order to evade detection by IPS devices...
Wordpress Reflex Gallery Plugin Arbitrary File Upload
An unauthorized file upload vulnerability has been reported in Wordpress Reflex Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
Microsoft Word Local Zone Remote Code Execution (MS15-022; CVE-2015-0097)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...
Microsoft Office Component Use After Free (MS15-022: CVE-2015-0085)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Exchange Forged Meeting Request Spoofing (MS15-026; CVE-2015-1631)
A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server fails to properly validate meeting organizer identity when accepting or modifying meeting requests. A remote attacker can exploit this issue by sending a specially crafted...