13538 matches found
libav LZO Integer Overflow (CVE-2014-4609)
A code execution vulnerability exists in the libav library. The vulnerability is due to an integer overflow while processing literal runs in the LZO compressed data. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted file with an...
WellinTech KingSCADA kxNetDispose.dll Stack Buffer Overflow (CVE-2014-0787)
A stack buffer overflow vulnerability has been reported in WellinTech KingSCADA. The vulnerability is due to insufficient validation on the size of the data. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious packet to the KingSCADA server...
Adobe Flash Player and AIR Security Bypass (APSB14-17: CVE-2014-0539)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0523)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Sixnet Sixview Web Console Directory Traversal (CVE-2014-2976)
Sixnet Sixview contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input. With a specially crafted request, a remote attacker can gain access to arbitrary files...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1775)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)
An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...
Symantec Web Gateway Multiple PHP Pages Cross Site Scripting (CVE-2014-1652)
A cross-site scripting vulnerability exists in Symantec Web Gateway. Successful exploitation could result in attacker-controlled script code being executed in the browser context of the Symantec Web Gateway management console. The vulnerability is due to improper validation of "variable",...
Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)
A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...
Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0532)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
Adobe Flash Player Security Bypass (APSB14-16: CVE-2014-0534)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...
AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)
An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...
Web Servers Frequency Clock Remote File Inclusion (CVE-2007-2936)
A Remote File Inclusion vulnerability has been reported in Frequency Clock. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Multiple PHP Servers C100shell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
JPEG Files Containing Suspicious Comments
Certain JPEG files may contain malicious code, hidden within the comments marker...
SAP Sybase Event Stream Processor esp_parse Remote Code Execution (CVE-2014-3457)
Two unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. A remote attacker can leverage these vulnerabilities by sending crafted requests...
Adobe Flash Player Memory Corruption (APSB14-16; CVE-2014-0536)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)
A heap buffer vulnerability exists in the phpparserr function in PHP. The vulnerability is due to an error in parsing malformed DNS TXT records. An attacker can exploit this vulnerability if the application uses the vulnerable function...
Adobe Flash Player and AIR Security Bypass (APSB14-16; CVE-2014-0535)
A security bypass vulnerability has been reported in Adobe Flash Player and Adobe AIR. The vulnerability is due to an error while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Web Servers W-Agora Remote File Inclusion (CVE-2002-1878)
A Remote File Inclusion vulnerability has been reported in W-Agora. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...
Multiple PHP Servers C99shell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
RIG Exploit Kit Website Redirection
A website redirection vulnerability has been reported in PHP. A remote attacker can exploit this vulnerability to infect users with the RIG exploit kit...
Wordpress Timthumb WebShot Vulnerability Code Execution
A vulnerability in TimThumb's "Webshot" feature allows for certain commands to be remotely executed on vulnerable websites with no authentication. An attacker can create, remove and modify any files on the affected server...
Web Servers BurnCMS Remote File Inclusion (CVE-2007-2364)
A Remote File Inclusion vulnerability has been reported in BurnCMS. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...
Web Servers PHPCodeCabinet Remote File Inclusion (CVE-2006-4044)
A Remote File Inclusion vulnerability has been reported in PHPCodeCabinet. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Oracle Java awt_setPixels Information Disclosure (CVE-2014-0429)
An information disclosure vulnerability exists in Oracle Java. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in the disclosure of the memory contents...
Web Servers PHPFullAnnu Remote File Inclusion (CVE-2006-4644)
A Remote File Inclusion vulnerability has been reported in phpFullAnnu. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Web Servers VWar Remote File Inclusion (CVE-2006-1503)
A Remote File Inclusion vulnerability has been reported in VWar. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...
Web Servers Tosmo Mambo Remote File Inclusion (CVE-2007-2317)
A Remote File Inclusion vulnerability has been reported in Tosmo Mambo. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Multiple PHP Servers DQ99shell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
Web Servers mxBB MX Smartor Remote File Inclusion (CVE-2007-2189)
A Remote File Inclusion vulnerability has been reported in mxBB MX Smartor. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)
A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...
Microsoft Word RTF listoverridecount Memory Corruption (MS14-017; CVE-2014-1761)
A memory corruption vulnerability exists in Microsoft Word. The vulnerability is due to improper handling of structures when parsing a specially crafted RTF document. Remote, unauthenticated attackers could exploit this vulnerability by enticing the target user to open a specially crafted RTF fil...
Advantech WebAccess SCADA webvact.ocx GotoCmd Buffer Overflow (CVE-2014-0765)
A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This vulnerability is due to insufficient input validation on the GotoCmd parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...
Web Servers CBSMS Mambo Remote File Inclusion (CVE-2006-3294)
A Remote File Inclusion vulnerability has been reported in CBSMS Mambo. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Telecom Italia DownloaderActiveX.ocx ActiveX Control Code Execution (CVE-2008-2551)
An attacker may use the vulnerable ActiveX control in order to download and execute arbitrary files in the context of the currently logged-on user...
Samsung iPOLiS Device Manager FindConfigChildeKeyList Buffer Overflow (CVE-2014-3912)
A stack-based buffer overflow vulnerability has been reported in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller ActiveX control. A remote attacker can exploit these vulnerabilities by enticing a user to...
Rocket Servergraph Admin Center userRequest and tsmRequest Command Execution (CVE-2014-3915)
Multiple vulnerabilities exist in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs userRequest and tsmRequest. A remote...
Oracle Data Quality PostcardPreviewInt onclose Untrusted Pointer Dereference (CVE-2014-2415)
A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.TransformerTools.PostcardPreviewInt ActiveX control. A remote attacker can exploit this vulnerability by...
AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)
Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...
HP Release Control Authenticated Privilege Escalation
A privilege escalation vulnerability exists in HP Release Control. The vulnerability is due to a design weakness in implementing access control restrictions to the "updateUserPassword" method. A remote, authenticated but unprivileged user is able to exploit this vulnerability by sending...
Web Servers WAnewsletter Remote File Inclusion (CVE-2007-2969)
A Remote File Inclusion vulnerability has been reported in WAnewsletter. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Oracle Data Quality FileChooserDlg onChangeDirectory Untrusted Pointer Dereference (CVE-2014-2418)
A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscTools.FileChooserDlg ActiveX control. A remote attacker can exploit this vulnerability by enticing a user ...
Adobe Flash Player Sandbox Security Bypass (APSB14-14: CVE-2014-0519)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
SAP Sybase Event Stream Processor esp_parse ConnectionType Unsafe Pointer Dereference (CVE-2014-3458)
Five unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, an remote attacker can caus...
Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0528)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Microsoft Internet Explorer Memory Corruption (MS14-037; CVE-2014-1765)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2797)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2801)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2787)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...