13538 matches found
Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)
A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services IIS FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by...
Microsoft Windows SChannel Buffer Overflow (MS14-066; CVE-2014-6321)
A remote code execution vulnerability exists in Microsoft SChannel. The vulnerability is due to improper processing of specially crafted packets that leads to a buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target...
MySQL Load File SQL Injection
An SQL injection vulnerability exists in MySQL database server. SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code...
PHP Core unserialize Function Integer Overflow (CVE-2014-3669)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to an integer overflow within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialize data to a web application running a vulnerable version of PHP. A successful...
Microsoft Windows SChannel Denial Of Service (MS14-066; CVE-2014-6321)
A denial of service vulnerability exists in Microsoft SChannel. The vulnerability is due to improper processing of specially crafted packets that leads to a denial of service. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target...
Digi Online Examination Unrestricted File Upload (CVE-2014-8997)
An unauthorized file upload vulnerability has been reported in Digi Online Examination. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...
MySQL Into OutFile SQL Injection
An SQL injection vulnerability exists in MySQL database server.SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code ...
AWStats configdir Parameter Remote Command Execution (CVE-2005-0116; CVE-2005-0362)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
MySQL Database Null Pointer Denial of Service (CVE-2011-5049)
A denial of service vulnerability exists in MySQL database server. The vulnerability is due to a NULL pointer dereference error in the server. Remote users can exploit this vulnerability to cause a denial of service condition...
Microsoft Internet Explorer CTitleElement Use After Free
A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...
CA Brighstor ARCserve Backup Agent Buffer Overflow (CVE-2005-1272)
A stack based buffer overflow vulnerability exists in BrightStor ARCserve and Enterprise Backup Agent for windows. The vulnerability is caused due to a boundary error in the Backup Agents. A remote attacker can exploit this vulnerability to cause a denial of service condition or execute arbitrary...
Multiple Ichitaro Products Unspecified Remote Code Execution (CVE-2014-7247)
An Unspecified Remote Code Execution detected in Ichitaro Multiple Products. An attacker can exploit this vulnerability to execute arbitrary code with admin privileges. Successful exploitation of this issue will allow execution of arbitrary code on an affected system...
ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)
An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data and an input validation error in the agentHandler servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose...
Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)
A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...
Microsoft Windows Kerberos KDC Elevation of Privilege (MS14-068; CVE-2014-6324)
A remote elevation of privilege vulnerability has been reported in Microsoft Windows Kerberos KDC. The vulnerability is due to improper validation of signatures in the Kerberos ticket. A remote attacker could use these elevated privileges to compromise any computer in the domain, including domain...
Moodle Spellcheck Remote Command Execution (CVE-2013-3630)
A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...
LibreOffice Impress Remote Control Use After Free (CVE-2014-3693)
A use after free vulnerability exists in LibreOffice Impress. The vulnerability is due to an error in the code managing remote control port. A remote unauthenticated attacker can exploit this vulnerability by sending crafted data to the affected port. Successful exploitation will result in...
Web Servers File Download Manipulation
An attacker can manipulate a web server to download and execute code stored on a third party server...
SlimFTPd LIST Command Buffer Overflow (CVE-2005-2373)
A buffer overflow vulnerability exists in SlimFTPd server. The vulnerability is due to insufficient bounds verification on certain FTP service commands. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted FTP LIST service command to the target server...
Visual Mining NetCharts Server Admin Console Arbitrary File Upload (CVE-2014-8516)
An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability exists in the Admin console and is due to insufficient validation of filename during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the...
Visual Mining NetCharts Server File Upload Directory Traversal
A directory traversal vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to insufficient validation of file paths during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system by uploading...
Adobe ColdFusion FCKeditor Input Validation Flaw Arbitrary File Upload (CVE-2008-6178; CVE-2009-2265)
A vulnerability has been reported in Adobe Systems ColdFusion that could allow remote users to upload files in arbitrary directories potentially leading to a system compromise. The vulnerability is due to an input validation error in the FCKeditor which is embedded in ColdFusion 8. Remote attacke...
Joomla Component com_jeemasms Multiple
A Multiple injection vulnerability has been reported in Joomla Com Jeemasms. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Web Clients Suspicious Image File Download
A remote attacker can hide a malicious code within an image file, in an attempt to avoid detection. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...
Joomla Component jeeventcalendar SQL Injection (CVE-2010-2513)
An SQL injection vulnerability has been reported in Joomla Jeeventcalendar. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_techfolio SQL Injection (CVE-2011-5113)
An SQL injection vulnerability has been reported in Joomla Com Techfolio. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft ASP.NET MVC Cross-Site Scripting (MS14-059; CVE-2014-4075)
A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due to the way ASP.NET MVC encodes user input. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to follow a malicious link...
Joomla Component com_oziogallery SQL Injection (CVE-2010-2910)
An SQL injection vulnerability has been reported in Joomla Com Oziogallery. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_Jobline SQL Injection (CVE-2009-2554)
An SQL injection vulnerability has been reported in Joomla Com Jobline. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
NetBSD tnftp fetch.c fetch_url Command Execution (CVE-2014-8517)
A command execution vulnerability has been reported in NetBSD tnftp. The vulnerability is due to insufficient validation of the ftp output file name when using an HTTP URI to fetch files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a malicious UR...
Joomla Component com_listing SQL Injection (CVE-2011-4830)
An SQL injection vulnerability has been reported in Joomla Com Listing. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_huruhelpdesk SQL Injection (CVE-2010-2907)
An SQL injection vulnerability has been reported in Joomla Com Huruhelpdesk. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Component com_jequoteform Local File Inclusion (CVE-2010-2128)
A file inclusion vulnerability has been reported in Joomla Com Jequoteform. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Web Servers Suspicious File Upload (CVE-2019-16113; CVE-2021-26918; CVE-2022-26645)
A remote attacker can upload a malicious file to a web server. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...
Joomla Component Scriptegrator File Inclusion
A file inclusion vulnerability has been reported in Joomla Scriptegrator.Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Joomla Component com_people Local File Inclusion
A file inclusion vulnerability has been reported in Joomla Com Bfsurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Joomla Component com_yellowpages SQL Injection
An SQL injection vulnerability has been reported in Joomla Com Yellowpages. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Adobe Flash Player Memory Leakage (APSB14-21: CVE-2014-0557)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
SunRPC Data Connection Evasion Technique
SunRPC protocol is vulnerable to evasion techniques over its data connection. An attacker may try to evade inspection via an unauthorized data connection. Successful evasion may result in a remote code execution...
Mayhem Shellshock Infection Attempt
Mayhem uses a PHP script to drop malicious objects to the affected client...
Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)
A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by modproxyajp when used with modproxybalancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP...
PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)
A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...
Belkin N750 Router Unauthenticated Remote Command Execution (CVE-2014-1635)
A buffer overflow vulnerability has been reported in Belkin N750 router. The vulnerability is due to improper input validation in the router's Web interface. A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the victim. Successful exploitation of this...
Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6344)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows Audio Service Elevation of Privilege (MS14-071; CVE-2014-6322)
An elevation of privilege vulnerability has been reported in Windows audio service that could be exploited through Internet Explorer. The vulnerability is due to the way Internet Explorer improperly validates permissions under specific conditions. A remote attacker may exploit this issue by...
Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-4143)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6351)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft SharePoint Active Scripting Elevation of Privilege (MS14-073; CVE-2014-4116)
An elevation of privilege vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to an error in the way Microsoft SharePoint Server sanitizes page content in SharePoint lists. A remote attacker may exploit this issue by enticing a target user to open a specially crafted...
Microsoft Internet Explorer Elevation of Privilege (MS14-065: CVE-2014-6350)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Windows OLE Automation Array Remote Code Execution (MS14-064; CVE-2014-6332)
A remote code execution vulnerability has been reported in Microsoft Windows Object Linking and Embedding OLE. The vulnerability is due to an improper access to memory objects by Internet Explorer. A remote attacker can exploit this issue by enticing target users to view a specially crafted...