13538 matches found
Adobe Flash Player Heap Buffer Overflow (APSB15-04: CVE-2015-0327)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Buffer Overflow (APSB15-04: CVE-2015-0324)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a buffer overflow while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Null Pointer(APSB15-04: CVE-2015-0325)
A null pointer dereference issues vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0322)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Null Pointer Dereference (APSB15-04: CVE-2015-0326)
A null pointer dereference vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a null pointer dereference while accessing URLRequest object. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted file...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0321)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
ManageEngine ServiceDesk Plus User Privileges Bypass (CVE-2015-1480)
A policy bypass vulnerability exists in ManageEngine ServiceDesk Plus. The vulnerability is due to a design weakness when handling certain URLs which require administrative access. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to the target...
Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0320)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Microsoft Windows Group Policy Remote Code Execution (MS15-011; CVE-2015-0008)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. An attacker can exploit this vulnerability by convincing a victim with a...
WordPress Image Metadata Cruncher Plugin Cross Site Request Forgery (CVE-2015-1614)
A cross-site request forgery CSRF vulnerability has been reported in WordPress Image Metadata Cruncher Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...
WordPress Mobile Domain Plugin Cross Site Request Forgery (CVE-2015-1581)
A cross-site request forgery CSRF vulnerability has been reported in WordPress Mobile Domain Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...
SuperFish Adware Root Certificate
SuperFish Adware is a software that uses SSL man-in-the-middle MitM technique in order to intercept SSL sessions and inject its own content into the session. Successful exploitation might result in disclosure of confidential or private information passed over the SSL channel, or in such informati...
WordPress DesignFolio-Plus Theme Arbitrary File Upload
An unauthorized file upload vulnerability has been reported in WordPress DesignFolio-Plus Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
WordPress Redirection Page Plugin Cross Site Request Forgery (CVE-2015-1580)
A cross-site request forgery CSRF vulnerability has been reported in WordPress Redirection Page Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...
WordPress Foxypress Plugin Unrestricted File Upload
An unauthorized file upload vulnerability has been reported in WordPress Foxypress Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...
WordPress Infusionsoft Gravity Forms Add-on Plugin Unrestricted File Upload
An unauthorized file upload vulnerability has been reported in WordPress Infusionsoft Gravity Forms Add-on Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a...
WordPress Holding Pattern Theme Arbitrary File Upload (CVE-2015-1172)
An unauthorized file upload vulnerability has been reported in WordPress Holding Pattern Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
WordPress Fusion Theme Arbitrary File Upload (CVE-2015-2194)
An unauthorized file upload vulnerability has been reported in WordPress Fusion Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...
Adobe Flash Player Type Confusion Code Execution (APSB15-04: CVE-2015-0319)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...
Adobe Flash Player Type Confusion Code Execution (APSB15-04: CVE-2015-0317)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...
Google Email Application Header Parsing Denial Of Service
A vulnerability in the Google email application has been found. The vulnerability occurs when processing a malicious email message. An attacker can remotely perform a Denial Of Service attack by sending a specially crafted email...
PHP exif Extension exif_read_data NULL Pointer Dereference (CVE-2015-0232)
A code execution vulnerability exists in PHP's exif extension. The vulnerability is due to a NULL Pointer dereference inside the exifreaddata function. A remote attacker can exploit this vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0318)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0316)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...
RPM Package Manager CPIO Header NameSize Integer Overflow (CVE-2014-8118)
A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a...
Schneider Electric ProClima MetaDraw ArrangeObjects Memory Corruption (CVE-2014-9188)
A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to the dereferencing of an attacker supplied memory address by the MetaDraw ActiveX control's ArrangeObjects method. A remote unauthenticated attacker could exploit this vulnerability by...
McAfee ePolicy Orchestrator XML Entity Injection (CVE-2015-0921)
An XML External Entity vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to an input validation error in the ePO-web application. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...
Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0315)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Oracle Java PhantomReference Use After Free (CVE-2015-0395)
A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a use after free error when handling phantom object references in the Hotspot JVM garbage collector. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user...
Wordpress Photo Gallery Plugin Unrestricted File Upload (CVE-2014-9312)
An unauthorized file upload vulnerability has been reported in Wordpress Photo Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
Wordpress Survey And Poll Plugin SQL Injection (CVE-2015-2090)
An SQL injection vulnerability has been reported in Wordpress Survey and Poll Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress SEO by Yoast Plugin SQL Injection (CVE-2015-2292)
An SQL injection vulnerability has been reported in WordPress SEO by Yoast Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Wordpress Video Gallery Plugin SQL Injection (CVE-2014-9097)
An SQL injection vulnerability has been reported in Wordpress Video Gallery Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0314)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0040)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0050)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)
A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization ASLR by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0043)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer ASLR Bypass (MS15-009: CVE-2015-0051)
A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0048)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0049)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0035)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0018)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0038)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer ASLR Bypass (MS15-009: CVE-2015-0071)
A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0046)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows TIFF Processing Information Disclosure (MS15-016; CVE-2015-0061)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles uninitialized memory when parsing specially crafted TIFF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0023)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows TrueType Font Parsing Remote Code Execution (MS15-010; CVE-2015-0059)
A remote code execution vulnerability exists in the Windows kernel-mode driver Win32k.sys. The vulnerability is caused when Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file...