13538 matches found
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4126)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4133)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Windows System Files Information Disclosure
Windows operating systems contain system files with sensitive information. If not properly configured, remote attackers can view the information on such files...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4141)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4134)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4137)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Elevation of Privilege (MS14-056: CVE-2014-4124)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4127)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player and AIR String Concatenation Integer Overflow (CVE-2014-0550)
An integer overflow vulnerability exists in Adobe Flash Player. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. The vulnerability is due to an error while concatenating large strings. A remote attacker could exploit this vulnerabili...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4130)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Elevation of Privilege (MS14-056; CVE-2014-4123)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
Microsoft ASP.NET MVC Cross-Site-Scripting (MS14-059; CVE-2014-4075)
A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due the way ASP.NET MVC improperly handles encoded input. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)
A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...
HP Network Node Manager I ovopi.dll Buffer Overflow (CVE-2014-2624)
Multiple buffer overflow vulnerabilities exist in HP Network Node Manager I NNMi. These vulnerabilities are caused by copying user supplied data into stack-based buffers without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote...
Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4129)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Advantech WebAccess SCADA ProjectName Parameter Buffer Overflow (CVE-2014-0991)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation of the ProjectName parameter contained in the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by...
Adobe Flash Player copyPixelsToByteArray Integer Overflow (CVE-2014-0556)
A heap buffer overflow exists in Adobe Flash Player. The vulnerability is due to an integer overflow leading to a heap buffer overflow in copyPixelsToByteArray. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file...
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
An information disclosure vulnerability has been reported in Red Hat JBoss RESTEasy. This is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from the RESTEasy endpoint. A remote unauthenticated attacker may exploit this vulnerability on a web application powered by...
Schneider Electric SCADA Expert ClearSCADA Authentication Bypass (CVE-2014-5412)
An information disclosure vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A remote attacker can exploit this vulnerability to disclose sensitive system information...
LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale Divide by Zero Denial of Service (CVE-2014-6054)
A denial of service vulnerability exists in LibVNCserver. The vulnerability is due to a division by zero when processing an rfbSetScale message. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted RFB message to the server...
ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations...
HP Data Protector Opcode 305 Directory Traversal (CVE-2014-5160)
A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization of a file name provided with Opcode 305. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful...
ManageEngine Multiple Products FileCollector doPost Directory Traversal (CVE-2014-6034)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector" in HTTP requests...
OpenSSL dtls1_process_out_of_seq_message Denial of Service (CVE-2014-3507)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to memory leak in dtls1processoutofseqmessage function. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target. Successful exploitation could lead to a denia...
JBoss JMX Console Deployer Upload and Execute
JBoss Application Server JBoss AS is a free software and open-source Java EE-based application server. An upload and execute vulnerability has been reported in JBoss jmx-console application. A remote attacker could exploit this vulnerability to run arbitrary commands on the server...
Apache HTTP Server mod_cache Denial of Service (CVE-2013-4352)
A denial of service vulnerability exists in Apache HTTP server. A remote unauthenticated attacker can leverage this vulnerability by sending a malicious response to the target server. Successful exploitation would result in a denial of service condition on the target...
Avid Media Composer AvidPhoneticIndexer.exe Stack Buffer Overflow (CVE-2011-5003)
A remote stack buffer overflow vulnerability exists in an Avid Media Composer network daemon. A remote attacker can exploit this vulnerability by sending a large request to the listening network service. Successful exploitation would allow an attacker to execute arbitrary code on the target syste...
HP Data Protector Opcode 1091 Directory Traversal (CVE-2014-5160)
A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization allowing an attacker to create arbitrary files. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...
GitList URL Remote Code Execution (CVE-2014-4511)
A code execution vulnerability has been reported in GitList. The vulnerability is due to insufficient input validation for meta-characters passed in the request URL. A remote attacker could exploit this vulnerability by sending a malicious request to the vulnerable server...
OpenSIS ajax.php modname Code Execution (CVE-2013-1349)
A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...
VisiWave VWR File Parsing (CVE-2011-2386)
A remote code execution vulnerability exists in VisiWave's Site Survey Report. The vulnerability is caused by a failure to validate a user controlled property. A remote attacker can exploit this vulnerability by using a malicious property, potentially causing arbitrary code to be injected and...
Apple Motion OZDocument::parseElement Integer Overflow (CVE-2013-6114)
An integer overflow has been reported in Apple Motion 5. The vulnerability is due to lack of validation on "subview" values in a "viewer" tag. A remote unauthenticated attacker can leverage this vulnerability by enticing the user to open a specially crafted .motn file. Successful exploitation may...
Novell GroupWise Admin Service FileUploadServlet Directory Traversal (CVE-2014-0600)
A directory traversal vulnerability exists within the Administration Service of Novell GroupWise 2014. The vulnerability is due to a flaw in handling of a parameter in the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to th...
Bugzilla Privilege Escalation - Email Validation Bypass (CVE-2014-1572)
A privilege escalation vulnerability has been found in Bugzilla. The vulnerability is due to a flaw that allows a registering user alter his email address after token validation. Any authenticated remote attacker may leverage this vulnerability to gain administrative access to the vulnerable serv...
op5 Monitor license.php Remote Command Execution (CVE-2012-0261)
A command execution vulnerability has been reported in op5 Monitor. The vulnerability is due to an input validation flaw related to the system-op5config component. A remote attacker can exploit this vulnerability to execute arbitrary shell commands via command injection...
Apache2 PHP Component Chunked Transfer Encoding Policy Bypass (CVE-2013-5705; CVE-2018-17082)
A cross-site scripting vulnerability exists in Apache2 PHP component. The vulnerability is due to improper comparison of the user supplied input of the HTTP Transfer-encoding header field. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to sen...
OpenSSL DTLS Handshake Double Free (CVE-2014-3505)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a double free error during reassembly of the fragmented DTLS handshake. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted message to a target...
Mozilla Firefox DOMSVGLength Reflected Attribute Use-After-Free (CVE-2014-1563)
A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to an issue with handling DOMSVGLength objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a malicious page. Successful exploitation could lead to arbitrary...
SolarWinds Log and Event Manager Static Credentials (CVE-2014-5504)
A policy bypass vulnerability has been reported in SolarWinds Log and Event Manager. The vulnerability is due to the usage of static/default credentials to access the HyperSQL database. A remote attacker can exploit this vulnerability to access the database with administrator privileges...
Squid snmpHandleUdp Off-by-one Buffer Overflow (CVE-2014-6270)
A code execution vulnerability has been reported in Squid. The vulnerability is due to an off-by-one error resulting in buffer overflow in snmpHandleUdp function. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected server. A...
OpenSSL DTLS Handshake Memory Exhaustion (CVE-2014-3506)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to large memory consumption during reassembly of the fragmented DTLS handshake. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target...
OpenSSL DTLS Handshake Memory Exhaustion - ver 2 (CVE-2014-3506)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to large memory consumption during reassembly of the fragmented DTLS handshake. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target...
ManageEngine EventLog Analyzer agentUpload Directory Traversal (CVE-2014-6037)
A code execution vulnerability has been reported in ManageEngine EventLog Analyzer. The vulnerability is due to lack of authentication and insufficient input validation in agentUpload when processing zip files. A remote unauthenticated attacker can exploit this vulnerability by sending a speciall...
Splunk collect file Directory Traversal (CVE-2013-6771)
A directory traversal vulnerability has been found in Splunk. The vulnerability is due to insufficient sanitization of user-provided input to the advanced search functionality in the "file" parameter of the "collect" script...
GNU Bash Remote Code Execution (CVE-2014-6271; CVE-2014-6277; CVE-2014-6278; CVE-2014-7169; CVE-2014-7186; CVE-2014-7187)
A remote code execution vulnerability has been reported in several versions of GNU Bash. The vulnerability, aka ShellShock, is due to an error in the way GNU Bash processes trailing strings after function definitions in the values of environment variables...
Advantech WebAccess SCADA Password Parameter Buffer Overflow (CVE-2014-0992)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the Password parameter in an ActiveX control that is part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...
MIT Kerberos Invalid RFC 1964 Token Denial of Service (CVE-2014-4342)
A denial-of-service vulnerability exists in the MIT Kerberos 5. A remote, unauthenticated attacker can exploit this vulnerability by injecting packets into a legitimate GSSAPI session and cause the GSSAPI application to crash resulting in a denial-of-service condition...
BlazeVideo BlazeDVD Pro PLF File Processing Buffer Overflow
A stack buffer overflow vulnerability exists in BlazeVideo BlazeDVD Pro. The vulnerability is due to a boundary error when processing playlist files. Remote attackers could exploit this vulnerability by persuading users to open such a file using a vulnerable version of the application...
Adobe Flash Player and AIR Security Bypass (APSB14-21: CVE-2014-0554)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...