13538 matches found
Internet Explorer ASLR Bypass (MS15-009: CVE-2015-0069)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Remote Code Execution (MS15-009: CVE-2015-0070)
A cross-site scripting vulnerability have been reported in Internet Explorer 9. The vulnerability is due to insufficient input validation while processing malformed request. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web-page and run an arbitrar...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0044)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0020)
A use after free vulnerability exists, where Internet Explorer attempts use a CTreeNode object that has been deleted. This vulnerability could be leveraged to execute arbitrary code in the context of the current user...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0067)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Elevation of Privilege (MS15-009: CVE-2015-0055)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0025)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0030)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows SMB Security Feature Bypass (MS15-014; CVE-2015-0009)
A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy settings are applied when SMB signing failures occur. An attacker can exploit this vulnerability by a man-in-the-middle attack that modifies domain controller responses to client...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0036)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0019)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0037)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0042)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0041)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0068)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0053)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0021)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0052)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0029)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0026)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows TrueType Font Parsing Remote Code Execution (MS15-010; CVE-2015-0059)
A remote code execution vulnerability exists in the Windows kernel-mode driver Win32k.sys. The vulnerability is caused when Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0045)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Word Memory Corruption (MS15-012: CVE-2015-0064)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially craft...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0017)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel Memory Corruption (MS15-012: CVE-2015-0063)
A remote code execution vulnerability has been reported in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel handles memory when opening specially crafted Office files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted...
Microsoft Word OneTableDocumentStream Remote Code Execution (MS15-012; CVE-2015-0065)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially craft...
Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0023)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
SAP SQL Anywhere .NET Data Provider Column Alias Buffer Overflow (CVE-2014-9264)
A buffer overflow vulnerability exists in SAP SQL Anywhere .NET Data Provider. The vulnerability is caused by insufficient boundary checks in the handling of column aliases. If an application allows untrusted input to be used as the column alias in an SQL query, by sending crafted requests to the...
Wordpress Shopping Cart Plugin Unrestricted File Upload (CVE-2014-9308)
An unauthorized file upload vulnerability has been reported in Wordpress Shopping Cart Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...
Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-9158)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
PHP Core unserialize process nested data Use After Free (CVE-2014-8142)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...
OpenSSL DTLS Anonymous ECDH Denial of Service (CVE-2014-3510)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an unspecified issue when processing Anonymous ECDH cipher suites over DTLS connections. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...
Adobe Flash Player Remote Code Execution (APSA15-02: CVE-2015-0313)
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code via unknown vector. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Internet Explorer Same Origin Policy Bypass (CVE-2015-0072)
A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by...
HanJuan Exploit Kit Landing Page (CVE-2015-0313)
HanJuan exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with HanJuan exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution...
Adobe Flash Player Heap Buffer Overflow (APSB14-24: CVE-2014-0589)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Schneider Electric ProClima ATX45 SetHtmlFileName Heap Buffer Overflow (CVE-2014-8511)
A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability...
Trihedral VTScada Web Interface Integer Overflow (CVE-2014-9192)
An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denia...
AlienVault OSSIM Arbitrary Command Injection
An arbitrary command injection vulnerability has been reported in AlienVault OSSIM. The vulnerability is due to insufficient validation of the password. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the affected server...
WordPress FancyBox Plugin Code Injection (CVE-2015-1494)
A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters...
Zend PHP Advanced Local File Inclusion (CVE-2010-2094)
This vulnerability class creates a new method for attackers for exploiting file inclusion vulnerabilities. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the compromised machine...
Zend PHP Auto Loading Mechanism Local File Inclusion
This vulnerability is due to unexpected behavior of the Auto-Loading mechanism in the PHP language. Successful exploitation of this vulnerability could allow a remote attacker to include arbitrary files found on the server and could possibly lead to remote code execution...
OpenSSL DTLS SRTP Extension Parsing Denial of Service (CVE-2014-3513)
A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of service condition on an application using the vulnerable library...
Adobe Flash Player Double Free (APSB15-03: CVE-2015-0312)
A double free memory vulnerability has been reported in Adobe Flash Player. The issue occurs while sharing a bytearray between two workers. If one worker calls bytearray.compress while the other uses that bytearray, the code does not handle the race correctly and leads to double free, which can...
Magento eCommerce Web Sites SQL Injection (CVE-2015-1397)
An SQL injection vulnerability has been reported in Magento component. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Magento eCommerce Web Sites Authentication Bypass (CVE-2015-1398)
An authentication bypass vulnerability was reported in Magento component. The vulnerability is due to a user controlled parameter affecting the login mechanism. A remote attacker can exploit this issue by sending a specially crafted HTTP request to a vulnerable system. Successful exploitation may...
Magento eCommerce Web Sites Remote File Inclusion (CVE-2015-1399)
A remote file inclusion vulnerability has been reported in Magento component. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Flash Player Type Confusion (APSB15-01: CVE-2015-0305)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Flash Player Heap Buffer Overflow (APSB15-01: CVE-2015-0309)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Type Confusion (APSB15-05: CVE-2015-0336)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...