13538 matches found
Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-0576)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-8440)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Multiple PHP Servers B374kshell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
RomPager Authentication Bypass Attempt - Misfortune Cookie
A vulnerability exists in RomPager web servers. The vulnerability is due to lack of sanitation of the Cookie header. A successful exploitation of this vulnerability allows an attacker to log into the web server under admin privileges...
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-0588)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6374)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer VBScript Memory Corruption (MS14-080; CVE-2014-6363)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6369)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Word Use After Free Remote Code Execution (MS14-081; CVE-2014-6357)
A remote code execution vulnerability exists in Microsoft Word. The vulnerability is due to improper handling of objects in memory while parsing a specially crafted Office file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted Office file...
Microsoft Exchange Server Outlook Web Access Cross-Site Scripting (MS14-075; CVE-2014-6326)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange input validation. A remote attacker can exploit this issue by enticing a victim to open a specially crafted email with Microsoft Outlook Web Access OWA...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6329)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6366)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-8966)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6375)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Component Use After Free Remote Code Execution (MS14-082; CVE-2014-6364)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is due to an error in the way Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6330)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6376)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6373)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer XSS Filter Bypass (MS14-080: CVE-2014-6328)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6368)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Office Index Remote Code Execution (MS14-081; CVE-2014-6356)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is due to way Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Exchange Server Outlook Web Access URL Redirection (MS14-075; CVE-2014-6336)
A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange when Microsoft Outlook Web Access OWA fails to properly validate redirection tokens. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Graphics Component Information Disclosure (MS14-085; CVE-2014-6355)
An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker can exploit this vulnerability by enticing a user to download...
Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6327)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Excel Invalid Pointer Remote Code Execution (MS14-083; CVE-2014-6361)
A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a target user to open a specially...
Microsoft Excel Global Free Remote Code Execution (MS14-083; CVE-2014-6360)
A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a target user to open a specially...
Multiple Web Servers ASPXshell Backdoor Command Execution
ASPXshell is a computer program able of executing shell commands, uploading, downloading and deleting files. Placing such a program on a web server could be used to open a backdoor for remote attackers to execute arbitrary commands on the vulnerable server. A remote attacker might place such a to...
Linux Kernel SCTP Handshake Denial of Service (CVE-2014-0101)
An integer underflow has been found in the SCTP networking module of the Linux kernel. The vulnerability is due to a boundary check error. A remote attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A successful attack will prevent further SCTP...
xcv Deface Maker Tool
XCV Deface Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...
Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0577)
A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...
HP Network Node Manager I ovopi.dll Command 685 Memory Corruption (CVE-2014-2624)
A memory corruption vulnerability in HP Network Node Manager I NNMi ha been reported. The vulnerability is caused by using remotely supplied data as a pointer without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote unauthenticat...
Twiki Unauthenticated Remote Code Execution (CVE-2014-7236)
A remote code execution was discovered in TWiki. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...
Twiki/Fosswiki Unauthenticated Arbitrary File Upload (CVE-2014-7237)
An arbitrary file upload vulnerability has been reported in Twiki/Fosswiki. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Malformed PDF Version Header
PDF files may include a malformed version header. A remote attacker may use such a header inside PDF files to evade IPS inspection, in order to avoid detection of attacks against various PDF vulnerabilities...
MovableType Unsanitized Input SQL Injection (CVE-2014-9057)
An SQL injection vulnerability was discovered in Movable Type. This vulnerability allows unauthenticated attackers to execute SQL code on the server...
Malicious iFrame Conditional Cookie Injection
Several web exploitation tools inject payloads that are displayed only when specific conditions are met. This may allow an attacker to reduce the odds of detection and to evade inspection...
RSYSLOG PRI Value Parsing Integer Overflow Denial of Service (CVE-2014-3683)
A denial of service vulnerability has been reported in rsyslog and sysklogd. The vulnerability is due to an integer overflow when handling PRI values larger than MAXINT in log messages. A remote, unauthenticated attacker can exploit these vulnerabilities by sending crafted packets to an affected...
RomPager Authorization Buffer Overflow Denial of Service (CVE-2014-9223)
A buffer overflow vulnerability exist in RomPager Web Server. A remote attacker could exploit this vulnerability by sending a crafted request to the vulnerable server causing a denial of service...
PHP exif Extension exif_ifd_make_value Thumbnail Heap Buffer Overflow (CVE-2014-3670)
A code execution vulnerability exists in PHP exif extension. The vulnerability is due to a buffer overflow when handles exif thumbnail. A remote attacker can exploit the vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP...
xMid Deface Page Creator Tool
xMid Deface Page Creator is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...
QEMU vnc set_pixel_format bits_per_pixel Null Pointer Dereference (CVE-2014-7815)
A null pointer dereference vulnerability has been found in QEMU vnc. The vulnerability is due to insufficient checking of an initialized buffer. A remote attacker could exploit this vulnerability by setting bitsperpixel to a value that is less than 8. Successful exploitation could lead to a denia...
Advanced Deface Page Maker Tool
Advanced Deface Page Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...
WinFTP Server NLST Command Denial of Service (CVE-2008-5666)
A denial of service vulnerability has been reported in WinFTP Server. The vulnerability is due to WinFTP Server failure to handle a NLST command when in PASV mode. A remote attacker can exploit this vulnerability by sending a specially crafted connection request to the vulnerable server...
Microsoft Internet Explorer Use After Free (CVE-2014-2782)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a...
DBGuestBook dbs_base_path Parameter Multiple Vulnerabilities (CVE-2007-1165)
Multiple remote code execution vulnerabilities exists in DBGuestBook. These vulnerabilities are caused due to improper handling of crafted URL using the dbsbasepath parameter. A remote attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable Web server...
Magento eCommerce FlashVar Parameter Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Magento 1.9.0.1 FlashVar Parameter. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Web Server Content-Disposition Cross-Site Scripting (CVE-2016-7168)
A cross-site scripting vulnerability exists in Content-Disposition HTTP header. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Golden FTP PASS Buffer Overflow (CVE-2006-6576)
Golden FTP Server is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.Exploiting this vulnerability may allow remote attackers to execute arbitrary code in the context of the affected...
Advantech WebAccess SCADA webeye.ocx ip_address Parameter Buffer Overflow (CVE-2014-8388)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ipaddress parameter contained in the webeye.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...