13538 matches found
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0032)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0056)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Exchange Error Message Cross Site Scripting (MS15-026; CVE-2015-1632)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by enticing a victim to open a specially crafted URL...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0099)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-1623)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-1626)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-1625)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-1624)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows Netlogon Spoofing (MS15-027; CVE-2015-0005)
A spoofing vulnerability exists in the Netlogon service. The vulnerability is caused when the Netlogon service improperly establishes a secure communications channel, when given a computer name, without challenging for credentials. A remote attacker may exploit this issue by sending a specially...
Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0090)
A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft Windows ATMFD Font Driver Information Disclosure (MS15-021: CVE-2015-0087)
An Information disclosure vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is caused when the Font Driver tries to read or display certain fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft Malformed PNG Parsing Information Disclosure (MS15-024; CVE-2015-0080)
An information disclosure vulnerability has been reported in Microsoft Malformed PNG Parsing. The vulnerability is triggered when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted PNG image format files. A remote attacker can exploit this issue by...
Microsoft Windows Remote Desktop Protocol Denial of Service (MS15-030; CVE-2015-0079)
A denial of service vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP. The vulnerability is caused when RDP does not properly handle objects in memory. A remote attacker can exploit this issue by exhausting the system memory by creating multiple RDP sessions...
Microsoft Exchange Cross Site Scripting (MS15-026; CVE-2015-1630)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by modifying certain properties within Outlook Web App and...
Microsoft SharePoint User Name XSS (MS15-022; CVE-2015-1633)
An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...
Microsoft Windows Text Services Remote Code Execution (MS15-020; CVE-2015-0081)
A remote code execution vulnerability has been reported in Windows Text Services. The vulnerability is due to an error in the way Windows Text Services handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Windows ATMFD Font Driver Information Disclosure (MS15-021: CVE-2015-0089; CVE-2015-1670)
This protection will detect and block attempts to exploit this vulnerability...
Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0091)
A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-1634)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0092)
A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft JPEG XR Parser Information Disclosure (MS15-029; CVE-2015-0076)
An information disclosure vulnerability has been reported in Microsoft JPEG XR Parser. The vulnerability is triggered when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted JPEG XR image format files. A remote attacker can exploit this issue by enticing...
Microsoft Outlook Web Access Modified Canary Parameter Cross Site Scripting (MS15-026; CVE-2015-1628)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by enticing a victim to open a specially crafted URL...
Microsoft DLL Planting Remote Code Execution (MS15-020; CVE-2015-0096)
A remote code execution vulnerability has been reported in Microsoft Windows . The vulnerability is due to an error in the way Microsoft Windows improperly handles the loading of DLL files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0093)
A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
MC-SQLR Reflected Denial of Service
The SQL Server Resolution Protocol MC-SQLR is an application-layer request/response protocol that facilitates connectivity to a database server. The MC-SQLR server may be vulnerable to reflected DDoS attacks, due to its inability to handle a large number of incoming requests within a short period...
Microsoft Internet Explorer Elevation of Privilege (MS15-018: CVE-2015-1627)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Wordpress Reflex Gallery Plugin Arbitrary File Upload
An unauthorized file upload vulnerability has been reported in Wordpress Reflex Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
CCMPlayer Stack based Buffer Overflow (CVE-2011-5170)
A stack buffer overflow vulnerability has been reported in CCMPlayer 1.5. The vulnerability is due to a lack of boundary check when handling M3U files. Successful exploitation could allow arbitrary code execution in the context of the target user...
PHP Date Time Object Unserialize Memory Corruption (CVE-2015-0273)
A code execution vulnerability has been reported in PHP. The vulnerability is due to a use-after-free error when handling serialized Date/Time objects within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application running a...
WordPress WooCommerce Plugin Cross-Site Scripting (CVE-2015-2069)
A cross-site scripting vulnerability has been reported in WordPress WooCommerce plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
Dell ScriptLogic Asset Manager SQL Injection remote code execution (CVE-2015-1605)
A remote code execution vulnerability has been reported in Dell ScriptLogic Asset Manager. The vulnerability is due to insufficient input validation while processing requests to GetProcessedPackage.aspx or GetClientPackage.aspx, this enables attacker to inject SQL code. A remote attacker can...
OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)
A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
SSL Export Cipher Suite (CVE-2015-0204; CVE-2015-1637)
Communication with SSL servers using weak, legacy "export-grade" cipher suites might be prone to attacks trying to intercept secure communications...
Apache Tomcat ChunkedInputFilter Denial of Service (CVE-2014-0227)
A resource exhaustion vulnerability has been identified in Apache Tomcat as it processes Chunked-Transfer encoded requests. The flaw is caused due to an error in ChunkedInputFilter that enables an attacker to stream an unlimited amount of data to the server. A remote attacker could exploit this...
Schneider Electric Multiple Products IsObjectModel RemoveParameter Stack Buffer Overflow (CVE-2014-9200)
A code execution vulnerability exists in multiple Schneider Electric products. The vulnerability is due to a stack buffer overflow in the RemoveParameter method of the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. A remote unauthenticated attacker could exploit this...
Samba smbd ServerPasswordSet RPC Memory Corruption (CVE-2015-0240)
This protection will detect and block attempts to exploit this vulnerability...
HP Universal CMDB JMX Console Authentication Bypass (CVE-2014-7883)
An authentication bypass vulnerability exists in HP Universal CMDB. The vulnerability is in the JMX Console web application. The vulnerability is due to a design weakness in processing HTTP requests that are neither GET nor POST. A remote unauthenticated attacker can exploit this vulnerability by...
Suspicious Domain Name Request
This protection detects suspicious domain names in HTTP and SMTP requests...
Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)
A command-injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user-supplied input when processing database backup commands from the Web UI. A remote, authenticated attacker could exploit this vulnerability by...
Corel Multiple Products Multiple Insecure Library Loading (CVE-2014-8393)
Multiple insecure library loading vulnerabilities have been reported in multiple Corel products. The vulnerabilities are due to the insecure loading of a number of libraries. These include but are not limited to, Wintab32.dll, TDMgd3.089.dll, wacommt.dll, and quserex.dll. A remote attacker could...
Adobe Flash Player Heap Buffer Overflow (APSB15-04: CVE-2015-0323)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure (CVE-2014-7863)
An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can...
WordPress Easing Slider Plugin Cross-Site Request Forgery (CVE-2015-1436)
A cross-site request forgery CSRF vulnerability has been reported in WordPress Easing Slider Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker-controlled website...
WordPress Google Doc Embedder Plugin Cross-Site Scripting (CVE-2015-1879)
A cross-site scripting vulnerability has been reported in WordPress Google Doc Embedder Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0330)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
WordPress Slimstat Plugin SQL Injection
An SQL injection vulnerability has been reported in Wordpress Slimstat Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Adobe Flash Player Null Pointer Dereference (APSB15-04: CVE-2015-0328)
A null pointer dereference vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a null pointer dereference while accessing a malformed swf file. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted swf file...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0329)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
PDF Containing Obfuscated JavaScript Code (CVE-2010-0188; CVE-2010-2883)
New exploits were released for several remote code execution vulnerabilities that were discovered in the way Adobe Acrobat Reader and Foxit Reader handle specially crafted PDF files. Although various security products provide coverage against many malformed PDF files vulnerabilities, these new...