13538 matches found
Joomla Component com_ezine Remote File Inclusion (CVE-2009-4094)
A file inclusion vulnerability has been reported in Designforjoomla Com Ezine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Joomla Component com_bfsurvey Local File Inclusion (CVE-2010-2259)
A file inclusion vulnerability has been reported in Joomla Com Bfsurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Joomla Component com_5starhotels SQL Injection (CVE-2008-5864)
An SQL injection vulnerability has been reported in Joomla Com 5starhotels. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Adobe Flash Player Use After Free Code Execution (APSB14-21: CVE-2014-0553; CVE-2017-2992)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...
F5 Multiple Products iControl API hostname Remote Command Execution (CVE-2014-2928)
A remote command execution vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of the hostname element in incoming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to...
HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)
Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0549)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Foxit Reader PDF Files Processing Buffer Overflow (CVE-2009-0837)
There exists a Stack-based buffer overflow in Foxit Reader, which allows remote attackers to execute arbitrary code via a long relative path or absolute path in the filename argument in an action...
Operation Huyao Phishing Attempt
Operation Huyao is a phishing campaign using a proxy to create a copy of the attacked website, and lure the victim user to hand his details to the attacker...
LibVNCServer scale.c rfbSendNewScaleSize Use After Free
A use-after-free vulnerability has been found in LibVNCServer. The vulnerability is due to an issue with processing wrt scaling messages. A remote attacker can exploit this vulnerability by sending a wrt scaling message and terminating the connection before receiving server's response. Successful...
activeCollab Chat Module Arbitrary PHP Code Execution (CVE-2012-6554)
A code execution vulnerability exists in Chat module for activeCollab.The vulnerability is due to a flaw that is triggered by the pregreplace function.A remote attacker may exploit this vulnerability by evaluating a string with complex curly syntax, allowing for the execution of arbitrary code...
HP System Management Homepage red2301.html RedirectUrl Cross Site Scripting (CVE-2014-2640)
A cross-site scripting vulnerability exists in HP's System Management Homepage SMH. The vulnerability is due to an input validation error when handling 'RedirectUrl' parameter of red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious...
OpenSSL Invalid Session Ticket Denial of Service (CVE-2014-3567)
A denial-of-service vulnerability exists in OpenSSL. It is due to a memory leak when OpenSSL processes invalidsession tickets to verify their integrity. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of servi...
Nuclear Exploit Kit Redirection
Nuclear Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...
Archie Exploit Kit Landing Page Code Execution
Archie exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Archie exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...
Nuclear Exploit Kit Landing Page
Nuclear Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...
Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)
A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...
HP Sprinter Tidestone Formula One DefaultFontName Buffer Overflow (CVE-2014-2638)
A code execution vulnerability exists in HP Sprinter. The vulnerability is due to a buffer overflow while handling the DefaultFontName property within the Tidestone Formula One ActiveX control. A remote attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...
Microsoft Internet Explorer Resource Information Disclosure (MS14-052; CVE-2013-7331)
An information disclosure vulnerability exists in Internet Explorer. This vulnerability is caused when the XMLDOM ActiveX control allows local resources to be enumerated. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Spike DDoS Toolkit GET Flood Denial of Service
Spike DDos Toolkit has multiple DDoS payloads, including SYN flood, UDP flood, Domain Name System DNS query flood, and GET floods...
Digium Asterisk HTTP Connections Denial of Service (CVE-2014-4047)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to the way HTTP sessions are being handled. A remote, unauthenticated attacker can exploit this vulnerability by establishing an excessive number of TCP connections to the configured HTTP or HTTPS port...
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0551)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0547)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)
A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...
LifeSize Room Security Bypass and Command Injection Vulnerabilities (CVE-2011-2763)
Multiple vulnerabilities exist in the LifeSize Room appliance. The vulnerabilities are due Unauthenticated OS command injection through the web interface.A remote attacker can exploit those vulnerabilities by sending crafted requests to the affected service...
Free MP3 CD Ripper WAV File Stack Buffer Overflow (CVE-2011-5165)
A vulnerability exists in Free MP3 CD Ripper 1.1. The vulnerability is due to stack-based buffer overflow when converting a file. Successful exploitation can result in arbitrary code execution via a crafted wav file...
Hastymail2 call_user_func_array() Command Injection (CVE-2011-4542)
A command injection vulnerability exists in Hastymail 2.1.1. The vulnerability is due to improper sanitization of special elements used in a request to the server. Remote attacker can exploit this vulnerability by sending malicious HTTP requests to the target server...
JavaScript Percent-Encoding Obfuscation
Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques.An example of such a technique is percent-encoding, also known as URL encoding...
PowerDNS Recursor Denial of Service (CVE-2014-3614)
A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...
Adobe Flash Player Memory Corruption (APSB14-22: CVE-2014-0558)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Oracle Database Server Insecure User Input Stack Buffer Overflow (CVE-2013-3751)
A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of user supplied input when parsing XML document data in a SQL/XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious...
Apache Camel XSLT Component Java Code Execution (CVE-2014-0003)
A code execution vulnerability has been reported in Apache Camel. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted XML message to the vulnerable server. Successful exploitation could result in the execution of arbitrary Java code...
Adobe Flash Player ActionScript 3 Integer Overflow (APSB14-22; CVE-2014-0569)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an integer overflow condition in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a web page containing a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB14-22: CVE-2014-0564)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
An RSA signature forgery vulnerability exists in Mozilla Network Security Services NSS, the cryptographic library used in many applications including Firefox and Google Chrome. The vulnerability is a result of improper verification of RSA signatures due to incorrect ASN.1 parsing of the DigestInf...
Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
AlienVault OSSIM Framework Backup Command Execution (CVE-2014-5158)
A command execution vulnerability exists in AlienVault OSSIM Framework. The vulnerability is due to insufficient sanitization of user supplied data that is used to execute backup commands. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...
Schneider Electric SCADA Expert ClearSCADA Denial of Service (CVE-2014-5411)
A denial of service vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This can result in a...
Microsoft Windows TrueType Font Parsing Remote Code Execution (MS14-058; CVE-2014-4148; CVE-2015-1671)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused due to incorrect handling of specially crafted TTF files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted web-page...
Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)
Secure Socket Layer SSL is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks. This protection may be used to prevent attacks exploiting the Poodle vulnerability...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4140)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4138)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4132)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
SolarWinds Storage Manager AuthenticationFilter Authentication Bypass
An authentication bypass vulnerability exists in SolarWinds Storage Manager. The vulnerability is due to a flaw within the AuthenticationFilter class. A remote unauthenticated attacker could exploit this vulnerability by bypassing the authentication filter and uploading malicious scripts to the...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4128)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft .NET Framework Remote Code Execution (MS14-057; CVE-2014-4121)
A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way .NET framework parses internationalized resource identifiers. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4126)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4133)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Windows System Files Information Disclosure
Windows operating systems contain system files with sensitive information. If not properly configured, remote attackers can view the information on such files...