13538 matches found
Squid Range Header Denial of Service (CVE-2014-3609)
A denial of service vulnerability has been reported in Squid. The vulnerability is due to insufficient validation of range headers. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected server. A successful attack will lead to a...
AlienVault OSSIM av-centerd Util.pm remote_task Arbitrary Command Execution (CVE-2014-5210)
The vulnerability is due to a failure to safely sanitize remotetask SOAP requests within Util.pm. this vulnerability can be exploit by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges...
Attachmate Reflection FTP Client ActiveX GetSiteProperties3 Memory Corruption (CVE-2014-0606)
A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. Successful exploitation could lead to remote code execution under the security context of the affected user...
Multiple Vendors LDAP Server Remote Denial of Service Vulnerabilities (CVE-2011-0917)
An integer overflow vulnerabilities exists in IBM Lotus Domino's LDAP service and IBM Tivoli Directory Server. The vulnerabilities is due to incorrect handling of the name parameter by the library nnotes.dll when it processes ASN.1-encoded LDAP BindRequests. An attacker may leverage this issue by...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service (CVE-2014-5266)
A denial of service vulnerability has been reported in Drupal Core. The vulnerability can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...
SENKAS Kolibri Webserver GET Request Buffer Overflow (CVE-2014-4158)
A stack buffer overflow vulnerability has been reported in SENKAS Kolibri Webserver 2.0. The vulnerability is due to a boundary error when handling GET request. A remote unauthenticated attacker can exploit the service by sending a crafted GET request to the target service...
Microsoft Internet Explorer onreadystatechange Use After Free
A use after free vulnerability exists in Microsoft Internet Explorer. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the...
Adobe Acrobat and Reader Memory Corruption (APSB14-20: CVE-2014-0565)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0552)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Reader and Acrobat JavaScript Heap Overflow (APSB14-20; CVE-2014-0567)
A heap overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of...
Samba nmbd unstrcpy Buffer Overflow (CVE-2014-3560)
A buffer overflow vulnerability has been reported in Samba server. The vulnerability is due to using incorrect buffer size in a string copy operation in the nmbd daemon. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious packets to a vulnerable nmbd service...
Adobe Acrobat and Reader Sandbox Bypass (APSB14-20; CVE-2014-0568)
A sandbox Security Bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in the sandbox protection mechanism. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Oracle Java AtomicReferenceFieldUpdater Type Confusion (CVE-2014-4262)
A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a type confusion flaw in AtomicReferenceFieldUpdater class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing maliciously crafted Java applet...
PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)
A memory corruption vulnerability exists in PHP. The vulnerability is due to type confusion in the unserialize function for SPL ArrayObject and SPLObjectStorage. An attacker can exploit this vulnerability if the application uses the vulnerable function...
Adobe Flash Player and AIR Heap Overflow (APSB14-21; CVE-2014-0559)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an improper buffer allocation while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Oracle Business Intelligence Mobile App Designer Information Disclosure (CVE-2014-4249)
An information disclosure vulnerability exists in Oracle Business Intelligence Mobile App Designer. The vulnerability is due to insufficient input validation of certain parameters. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable...
HP Universal CMDB Default Credentials Arbitrary File Upload (CVE-2014-2617)
A code execution vulnerability exists in HP Universal CMDB. The vulnerability is due to the use of hard-coded credentials when processing HTTP requests. A remote attacker can upload arbitrary files to arbitrary locations using the default credentials...
HP Network Virtualization storedNtxFile Directory Traversal (CVE-2014-2625)
A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "storedNtxFile" method. A remote, unauthenticated attacker can leverage this vulnerability to gain access to sensitive informati...
HP Network Virtualization toServerObject Directory Traversal (CVE-2014-2626)
A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "toServerObject" method. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to...
Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the moddeflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
Symantec Web Gateway dbutils.php SQL Injection (CVE-2014-1651)
An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable...
CommuniGate Systems CommuniGate Pro LDAP Server Buffer Overflow
There exists a buffer overflow vulnerability in CommuniGate Systems CommuniGate Pro LDAP server. The flaw is caused by improper validation of the user supplied LDAP message. An attacker may exploit this vulnerability to cause a denial of service condition of the affected server...
Attachmate Reflection FTP Client ActiveX GetGlobalSettings Memory Corruption (CVE-2014-0603)
A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. Successful exploitation could lead to arbitrary code execution under the security context of the browser...
PhpMyAdmin REQUEST Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
PhpMyAdmin SERVER Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
Oracle Java System.arraycopy Race Condition (CVE-2014-0456)
A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to a race condition in System.arraycopy. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...
Oracle Java Generic Signature Attribute Memory Corruption (CVE-2014-4216)
A memory corruption vulnerability exists in Oracle Java. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution...
Apache HTTP Server error handling malformed HTTP headers Denial of Service (CVE-2014-0117)
A denial of service vulnerability has been reported in Apache HTTP server. The vulnerability is due to an error handling malformed HTTP headers. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server...
PhpMyAdmin GLOBALS Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
MIT Kerberos SPNEGO Acceptor acc_ctx_cont Denial of Service (CVE-2014-4344)
A denial-of-service vulnerability exists in the MIT Kerberos 5. The vulnerability is due to a NULL pointer dereference in accctxcont in SPNEGO Acceptor for continuation tokens. A remote, unauthenticated attacker can exploit this vulnerability by sending an empty token as the second or later conte...
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
Mozilla Firefox SharedWorker MessagePort Use After Free (CVE-2014-1548)
A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to a memory corruption issue when handling SharedWorker objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to visit a malicious page...
Google Chrome locationAttributeSetter Use After Free (CVE-2014-1713)
A use after free vulnerability exists in Google Chrome. A remote attacker could exploit this vulnerability by enticing a user to open a crafted web page. Successful exploitation could result in code execution in the context of the currently logged in user...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4082)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052; CVE-2014-4081)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player Same Origin Policy Bypass (APSB14-14; CVE-2014-0516)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4088)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4086)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4089)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player Memory Leakage (APSB14-18; CVE-2014-0543)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4095)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4092)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4094)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4080)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052; CVE-2014-4087)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-2799)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4065)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4084)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0545)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...