13538 matches found
CoolPDF Reader Image Stream Processing Buffer Overflow - ver 2 (CVE-2012-4914)
A code execution vulnerability has been reported in CoolPDF Reader. The vulnerability is due to insufficient validation of streams while processing PDF files. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a specially crafted PDF file,...
Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0544)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Multipath TCP
Multipath TCP is a set of extensions to regular TCP that enables a single data flow to be separated and carried across multiple connections. An attacker might use these extensions to evade detection by IPS devices...
Jenkins Groovy Script Console Remote Code Execution
A Code Execution vulnerability has been reported in the Jenkins Groovy Script Console. The vulnerability is due to an insecure script execution on the Jenkins console. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...
Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0540)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
WordPress Gmedia Gallery Shell Upload
Gmedia Gallery plugin is prone to Shell Upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process...
Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0531)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0533)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
Web Servers Joomla Remote File Inclusion
Joomla component is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This...
Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0542)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Symantec Endpoint Protection Manager secars.dll Buffer Overflow (CVE-2013-1612)
A buffer overflow vulnerability exists in Symantec Endpoint Protection Manager SEPM. The vulnerability is caused by insufficient boundary check while processing external input. By supplying a crafted HTTP request to the vulnerable server, a remote unauthenticated attacker can possibly exploit thi...
Adobe Multiple Products Flash Content Parsing Code Execution (APSA10-03: CVE-2010-2884) (CVE-2010-2884)
A remote code execution vulnerability has been reported in multiple Adobe products. The vulnerability is due to an error in the way Flash files are parsed...
UpTime Monitoring Server Insecure File Upload Remote Code Execution
A file upload vulnerability has been reported in the UpTime monitoring server. The vulnerability is due to an insecure file upload on the post2file.php component. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...
Oracle Event Processing FileUploadServlet Directory Traversal (CVE-2014-2424)
A code execution vulnerability has been reported in Oracle Event Processing. The vulnerability is due to a directory traversal within the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request...
Siemens Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
A remote code execution vulnerability exists in Siemens Solid Edge. The vulnerability is due to usage of user supplied input as a memory pointer without proper validation. Successful exploitation may allow a remote attacker to read and corrupt memory from the target process...
Samba nmbd sys_recvfrom Infinite Loop Denial of Service (CVE-2014-0244)
A denial of service vulnerability has been reported in Samba server. The vulnerability is due to an infinite loop that occurs when processing specially crafted packets. A remote authenticated or guest attacker could exploit this vulnerability by sending specially crafted requests to the target...
Adobe Flash Player Use After Free Code Execution (APSB14-18: CVE-2014-0538)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...
Microsoft Windows Kodak Image Viewer Code Execution (MS07-055) - ver 2 (CVE-2007-2217)
A buffer overflow vulnerability has been reported in Microsoft Windows Kodak Image Viewer. The vulnerability is due to improper parsing of specially crafted image files, such as TIFF files. An attacker can exploit this vulnerability by constructing a specially crafted image and enticing a victim ...
Adobe Flash Player and AIR Security Bypass (APSB14-18: CVE-2014-0541)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2820)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Adobe Flash Player and AIR Security Bypass (APSB14-17; CVE-2014-0537)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4057)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4063)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2823)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4050)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2824)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...
WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)
An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server...
Yokogawa CS3000 SCADA BKFSim_vhfd.exe Remote Code Execution (CVE-2014-3888)
A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...
HP Service Virtualization AutoPass License Server Directory Traversal (CVE-2013-6221)
A code execution vulnerability exists in HP Service Virtualization running the AutoPass License Server. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation of this vulnerability could result in creation ...
MOXA Device Manager Tool SCADA Buffer Overflow (CVE-2010-4741)
A remote code execution vulnerability has been reported in MOXA Device Manager Tool. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...
Oracle Java SE GSUB FeatureCount Buffer Overflow
A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...
Web Login Form Password Brute Force Attempts
Many web services offer a login form for users in order to sign in. Remote attackers can try and guess the user's credentials using repeated login attempts...
HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)
A command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to...
Apache HTTP Server mod_status Heap Buffer Overflow (CVE-2014-0226)
A heap buffer overflow vulnerability exists in Apache httpd. The vulnerability is due to a race condition in the modstatus module running on a server with threaded MPM.Successful exploit may result in information disclosure or code execution...
JavaScript Code Evasion Attempt
Certain evasion tools can use JavaScript code in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target...
Samba DNS Reply Flag Denial of Service (CVE-2014-0239)
A denial of service vulnerability exists in Samba DNS server. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. Successful exploitation could...
FritzBox Webcm Unauthenticated Command Injection
A remote command injection vulnerability has been reported in different Fritz!Box devices. The vulnerability is due to insufficient validation within the web-based Interface. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to the web-based Interface...
PHP CDF File Handling Infinite Loop (CVE-2014-0238)
A denial of service vulnerability has been reported in PHP. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP. A successful attack will result in an infinite loop, which can cause a denial of service condition...
AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution - ver 2 (CVE-2014-3804)
Multiple command execution vulnerabilities exist in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to affected...
PUF UDP Flooder
PUF UDP Flooder is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple UDP requests that can potentially cause an affected system to become temporarily unresponsive...
Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0522)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Rocket Servergraph Admin Center fileRequestor Directory Traversal (CVE-2014-3914)
A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...
McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal (CVE-2014-2536)
A directory traversal vulnerability has been reported in the ExtensionAccessServlet included in McAfee Cloud Single Sign On. The vulnerability is due to insufficient input sanitization on the GET request URI passed to the ExtensionAccessServlet. A remote unauthenticated attacker can exploit this...
Microsoft Windows TCP Denial of Service (MS14-031; CVE-2014-1811)
A denial-of-service vulnerability exists in Microsoft Windows and Windows Server. The vulnerability is due to TCP/IP stack failing to properly handle crafted packets. A remote unauthenticated attacker can exploit this vulnerability by sending crafted packets to the target system...
HP Intelligent Management Center BIMS UploadServlet Information Disclosure (CVE-2014-2618)
An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests...
HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow (CVE-2009-4180)
A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program snmpviewer.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTT...
Adobe Flash Player JSONP Cross-Site Request Forgery (APSB14-17: CVE-2014-4671)
A cross-site request forgery CSRF vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an insufficient validation of data from JSONP callback APIs. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Western Digital Arkeia Remote Code Execution (CVE-2014-2846)
A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...
TR-069 Auto Configuration Servers Multiple Vulnerabilities (CVE-2014-2840; CVE-2014-4916; CVE-2014-4917; CVE-2014-4918; CVE-2014-4956; CVE-2014-4957)
The TR-069 protocol allows remote management of end-user broadband devices. Several vulnerabilities have been detected in certain TR-069 server implementations, that could allow a remote attacker to obtain administrative access to the servers or execute arbitrary code on them...
D-Link HNAP Request Stack Buffer Overflow (CVE-2014-3936)
A remote code execution vulnerability exists in D-Link routers. The vulnerability is due to a stack buffer overflow while processing crafted HTTP POST requests addressed to the HNAP handler. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected...