13538 matches found
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-0282)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...
Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2804)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-037; CVE-2014-1765)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Ericom AccessNow Server Stack Buffer Overflow (CVE-2014-3913)
A stack buffer overflow vulnerability exists in Ericom AccessNow Server. The vulnerability is due to improper handling of specially crafted HTTP requests for non-existent files. A remote attacker can exploit this vulnerability by sending a crafted HTTP request...
EFS Software Easy File Management Web Server UserID Buffer Overflow
A stack buffer overflow vulnerability exist in Easy File Management Web Server. The vulnerability is due to an boundary error when handling UserID cookie. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable server...
LightsOut/Hello Exploit Kit (CVE-2013-2465)
LightsOut/Hello is an exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware to the target...
Multiple PHP Servers SyrianShell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
Fiesta Exploit Kit Redirection
Fiesta is an exploit kit used by attackers targeting computer users. Remote attackers can infect users with Fiesta by enticing them to visit a malicious landing page...
Web Servers Malicious Encoding Directory Traversal
There exists a directory traversal vulnerability on multiple web servers. The vulnerability is due to an input validation error in the web server that does not properly sanitize directory traversal patterns...
LibYAML Scanner yaml_parser_scan_uri_escapes Heap Buffer Overflow (CVE-2014-2525)
A heap buffer overflow vulnerability has been reported in LibYAML's scanner. This vulnerability is due to insufficient validation of percent encoded text in the URI of tags within YAML documents. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document...
Cogent DataHub Web Server GetPermissions.asp Command Injection (CVE-2014-3789)
A remote command injection vulnerability has been reported in Cogent DataHub. The vulnerability is due to insufficient validation within the GetPermissions.asp page. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to GetPermissions.asp. This can result...
Simple E-Document upload Remote Code Execution
A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...
Oracle Data Quality DateTimeWrapper onchange Remote Code Execution (CVE-2014-2416)
A remote code execution vulnerability has been reported in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscForms.DateTimeWrapper ActiveX control. A remote attacker can exploit this vulnerability by...
ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)
A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to flaw in the index.php script that is triggered when user supplied input used in the /includes/actions.php file is passed from the 'runeState' parameter to the 'packageControl, which calls exec with user...
ISC BIND Recursive Nameservers Prefetch Denial of Service (CVE-2014-3214)
A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to an assertion failure when processing queries involved in the prefetch feature of recursive nameservers. A remote attacker may exploit this vulnerability by sending a specially crafted query to the affecte...
Expiro User-Agent
Xpiro is a virus designed to steal sensitive information from affected users...
Advantech WebAccess SCADA webvact.ocx AccessCode2 Buffer Overflow (CVE-2014-0768)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode2 parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...
Adobe Flash Player and AIR Security Bypass (APSB14-14: CVE-2014-0517)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Multiple PHP Servers WeevelyShell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
ZmEu Security Scanner
ZmEu is a vulnerability scanning product. Remote attackers can use ZmEu to detect vulnerabilities on a target server...
PDF Containing Encrypted Data
PDF files may include encrypted data. A remote attacker may use such encrypted data inside PDF files to hide attacks against various PDF vulnerabilities, in order to evade IPS inspection. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it m...
WordPress OptimizePress Theme File Upload Remote Code Execution
A file upload vulnerability has been reported in the Wordpress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...
Joomla Media Manager File Upload Code Execution (CVE-2013-5576)
A remote code execution vulnerability has been found in Joomla Media Manager. The vulnerability is due to the Joomla Media Manager component allowing arbitrary file uploads, and results in arbitrary code execution. A remote attacker can exploit this weakness to upload malicious PHP files which...
McAfee ePolicy Orchestrator Remote Code Execution (CVE-2013-0140; CVE-2013-0141)
A remote code execution vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to an error in the ePO server that fails to properly sanitize user supplied data. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted http...
Apple CUPS Web Interface URL Handling Cross-Site Scripting (CVE-2014-2856)
A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...
Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow (CVE-2014-0767)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...
Oracle Data Quality DscXB onloadstatechange Untrusted Pointer Dereference (CVE-2014-2417)
A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscXB.XB ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a...
Adobe Reader Javascript API Information Disclosure (APSB14-15; CVE-2014-0521)
An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an error in the way Adobe Reader handles specially crafted PDF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...
Advantech WebAccess SCADA webvact.ocx NodeName2 Buffer Overflow (CVE-2014-0766)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the NodeName2 parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote unauthenticated attacker could exploit this vulnerability by enticing a...
eScan Web Management Console Command Injection
A code execution vulnerability exists in the eScan Web Management Console. This vulnerability is due to processing CheckPass login requests with mwconf privileges. A remote attacker may exploit this vulnerability using a valid username and a malformed password to execute arbitrary commands...
Linux System Files Information Disclosure (CVE-2018-10823; CVE-2018-3948)
Linux operating system contains system files with sensitive information. If not properly configured, remote attackers can view the information on such files...
Adobe Flash Player Sandbox Security Bypass (APSB14-14: CVE-2014-0520)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Microsoft Internet Explorer Crafted URL Remote Code Execution
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a use-after-free condition in Internet Explorer. A remote attacker can exploit this vulnerability by enticing users to open a specially crafted URL...
SePortal staticpages SQL Injection (CVE-2008-5191)
An SQL injection vulnerability has been reported in SePortal. A remote attacker may exploit this issue by executing arbitrary SQL commands via the pollid parameter to pool.php and the spid parameter to staticpages.php. Successful exploitation could cause an SQL statement execution on the server,...
PHP print Remote Shell Command Execution
A remote command execution vulnerability has been reported in PHP. A remote attacker can exploit this issue by sending a specially crafted HTTP request to an affected server...
Mozilla Multiple Products WebIDL Remote Code Execution (CVE-2014-1510; CVE-2014-1511)
A remote code execution vulnerability has been reported in Mozilla Firefox, SeaMonkey and Thunderbird. The vulnerability is caused due to improper handling of XPI files. A remote attacker could exploit this issue by enticing a target user to open a web page containing a specially crafted XPI file...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1791)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1804)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1762)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Advantech WebAccess SQL Injection Information Disclosure (CVE-2014-0763)
Multiple vulnerabilities have been reported in Advantech WebAccess. A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1805)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1795)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
OpenSSL Anonymous ECDH Denial of Service (CVE-2014-3470)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an unspecified issue when processing Anonymous ECDH ciphersuites. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target machine...
Microsoft Visio Packed Object Parsing Memory Corruption - ver 2 (CVE-2007-0936)
A remote code-execution vulnerability has been reported in Microsoft Visio. The vulnerability is due to incorrectly handling the parsing of a packed object. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Visio file, potentially causing...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1789)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1785)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1772)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
Infinity is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with Infinity exploit kit by enticing them to visit a malicious web page. Infinity Exploit Kit installs payloads on infected computer, which could result in da...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1800)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1766)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...