13538 matches found
Adobe Flash Player Memory Corruption (APSB15-03: CVE-2015-0310: CVE-2015-0311)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an unknown error that enables mitigating memory randomization algorithms in Flash. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack cou...
Adobe Flash Player Memory Corruption (APSB15-01: CVE-2015-0306)
A memory corruption vulnerability has been identified in Adobe Flash Player and Air. The vulnerability is due to an error in the player that fails to properly validate input of dll files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)
A buffer overflow vulnerability, known as GHOST Vulnerability, exists in GNU C Library function. A remote attacker can exploit this vulnerability by providing crafted input to an application that uses this vulnerable function. Successful exploitation could result in code execution in the context ...
Zenoss Core Version Check Remote Code Execution (CVE-2014-6261)
A remote code execution vulnerability exists in the Zenoss Core Application. The vulnerability is due to unpickling of potentially unsafe Python pickle serialized object when checking for software updates from the Zenoss home server. A remote attacker can exploit this vulnerability. Successful...
Adobe Flash Player Out of Bounds Memory Corruption (APSB15-01: CVE-2015-0307)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out-of-bounds memory read while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an issue while parsing Server Hello messages with a specific cipher suite and extension. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...
Adobe Flash Use After Free Code Execution (APSB15-01: CVE-2015-0308)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...
Adobe Flash Player Buffer Overflow (APSB15-01: CVE-2015-0304)
A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Action Script Evasion (CVE-2015-0310; CVE-2015-0311)
Flash files can contain malicious Action Script code to exploit vulnerabilities in Adobe Flash Player. Certain evasion tools can use evasion techniques in order to circumvent inspection by security software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)
Tcpdump parses and displays, and optionally records packets received on a network interface matching a user provided filter. Two vulnerabilities exist in the Tcpdump ISAKMP payload handling module, which can be exploited to cause a DoS Denial of Service by sending packets with specially crafted...
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-8438)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted mp4 files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...
Adobe Flash Player Privilege Escalation (APSB15-01: CVE-2015-0302)
A Privilege Escalation vulnerability has been reported in Adobe Flash Player. The vulnerability exists because the isKeyDown method in Flash Player fails to validate if the window in which the swf is loaded has the focus. When loaded, the swf can listen to keystrokes across the system...
Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0590)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
Adobe Reader and Acrobat Memory Corruption (APSB14-28: CVE-2014-8447)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Browserify Node.js Remote Code Execution (CVE-2014-7192)
A remote code execution was discovered in Browserify Node.js. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
XChat Bounds Checking Buffer Overflow (CVE-2011-5129)
A buffer overflow vulnerability exists in XChat. Successful exploitation of this vulnerability will cause a crash, and may allow injection and execution of arbitrary code. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by sending a...
ManageEngine Desktop Central MSP StatusUpdateServlet fileName Directory Traversal (CVE-2014-9404)
A directory traversal vulnerability exists in ManageEngine Desktop Central MSP. The vulnerability is due to lack of authentication and insufficient input validation of the filename parameter sent to the StatusUpdateServlet page when processing HTTPS requests...
ManageEngine Multiple Products File Attachment Directory Traversal (CVE-2014-5301)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. The vulnerability is due to insufficient input validation of the "module" parameter sent in HTTP requests to the server. A remote authenticated attacker can upload or delete...
PDF Containing Suspicious File Info Fields
PDF files are susceptible to various remote code execution vulnerabilities. Although various security products provide coverage against many such vulnerabilities, attackers could potentially bypass security products inspection by using PDF files that contain a suspicious File Info Fields...
OpenSSL DTLS dtls1_buffer_record Denial of Service (CVE-2015-0206)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to memory exhaustion when parsing specially crafted DTLS packets. Successful exploitation will result in high memory consumption and lead to a denial of service condition...
Adobe Flash Player Memory Corruption (APSB15-01: CVE-2015-0303)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Samsung SmartViewer CNC_Ctrl ActiveX Control Buffer Overflow (CVE-2012-4333; CVE-2014-9265)
A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNCCtrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to...
Microsoft Office Files Containing Malicious Downloader
Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Git Client Path Validation Command Execution (CVE-2014-9390)
A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a...
ManageEngine Multiple Products WsDiscoveryServlet Directory Traversal (CVE-2014-5302)
A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated...
Adobe Acrobat and Reader Time of Check Time of Use Race Condition (APSB14-28: CVE-2014-9150)
A time-of-check time-of-use race condition vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a special...
HTML Containing Malicious VBScript Encoding
Certain VBScript obfuscation schemes can be used to circumvent security software. These methods could allow attackers to execute arbitrary code on the target machine...
NTP Daemon Configure Buffer Overflow (CVE-2014-9295)
The NTP daemon implements the Network Time Protocol NTP which sets and maintains the system time-of-day in synchronism with Internet standard time servers. A buffer overflow vulnerability has been reported in the NTPD NTP daemon. The vulnerability is due to insufficient checks on the input size. ...
OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)
A vulnerability has been detected in the way OpenSSL handles DTLS messages. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL which could lead to a Denial Of Service attack...
Advantech ADAMView Conditional Bitmap Remote Code Execution (CVE-2014-8386)
A stack-buffer overflow has been reported in Advantech ADAMView. The vulnerability is due to insufficient validation of conditional bitmaps from a file...
Adobe Acrobat and Reader Buffer Overflow (APSB14-28: CVE-2014-9159)
A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Microsoft Windows NLA Security Feature Bypass (MS15-005; CVE-2015-0006)
A security feature bypass vulnerability has been reported in the Network Location Awareness NLA service. The vulnerability is caused when the NLA service fails to properly validate if a domain-connected machine is connected to the domain or to an untrusted network. A remote attacker can exploit...
Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8461)
A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Microsoft Network Policy Server RADIUS Denial of Service (MS15-007; CVE-2015-0015)
A denial of service vulnerability exists in the Network Policy Server NPS. The vulnerability is due to the way the NPS handles username strings. A remote attacker can exploit this issue by sending a specially crafted username string to the NPS...
Microsoft Windows Directory Traversal Elevation of Privilege (MS15-004; CVE-2015-0016)
An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker can exploit this vulnerability by tricking a user into downloading a specially crafted application...
Microsoft Windows Telnet Service Buffer Overflow (MS15-002; CVE-2015-0014)
A buffer overflow vulnerability exists in Windows Telnet service. The vulnerability is due to improper validation of memory location. An attacker could exploit this vulnerability by sending specially crafted telnet packets to a Windows server...
Web Browsers Malicious Hidden iFrame Redirection
A compromised site may use an obfuscated hidden iFrame code in order to redirect traffic to a malicious website. The client would then be vulnerable to possible automatic download of malware...
Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8458)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Novell eDirectory IMONITOR Cross-Site Scripting (CVE-2014-5212)
A cross-site scripting vulnerability exists in Novell eDirectory IMONITOR. The vulnerability is due to an input validation error while parsing the rdn parameter. A remote attacker could exploit this vulnerability to execute arbitrary script or HTML code in the user's browser session...
Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8459)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Microsoft Application Compatibility Infrastructure Elevation of Privilege (MS15-001; CVE-2015-0002)
A privilege escalation vulnerability exists in Microsoft Windows Application Compatibility Cache. The vulnerability is due to a lack of validation of administrator privileges while running a specially crafted application. An authenticated attacker can exploit this issue by sending a specially...
Adobe Reader and Acrobat Information Disclosure (APSB14-28: CVE-2014-8452)
An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper handling of XML external entities. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
ManageEngine Desktop Central Dcpluginservelet Policy Bypass (CVE-2014-7862)
A policy bypass vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the Dcpluginservelet page when processing HTTPS requests...
OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)
A denial of service vulnerability exists in the OpenSSL library compiled with no-ssl3. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted handshake to the target application and cause it to terminate...
Adobe Reader Javascript API Information Disclosure (APSB14-28: CVE-2014-8451)
An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper implementation of a Javascript API. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
Honeywell OPOS Suite Multiple ActiveX Controls Open Method Stack Buffer Overflow (CVE-2014-8269)
A buffer overflow vulnerability has been reported in Honeywell OPOS Suite. The vulnerability is due to improper bounds checking while processing the Open method calls within the HWOPOSScale.ocx ActiveX control and the HWOPOSSCANNER.ocx ActiveX control. An attacker can exploit this vulnerability b...
Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal (CVE-2014-8741)
A directory traversal vulnerability exists in Lexmark MarkVision Enterprise. The vulnerability is due to an input validation issue when processing user supplied data used for writing files to the system by the GfdFileUploadServlet servlet. A remote unauthenticated attacker could exploit this...
Morfeus Security Scanner
Morfeus is a vulnerability scanning product. Remote attackers can use Morfeus to detect vulnerabilities on a target server...
Adobe Flash Player Use After Free Code Execution (APSB14-27: CVE-2014-8443)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...
Adobe Acrobat And Reader Use-After-Free (APSB14-28: CVE-2014-8455)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...