13538 matches found
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1797)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1802)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Lync Server Information Disclosure (MS14-032; CVE-2014-1823)
An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. The vulnerability is caused when Lync Server does not properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially...
OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)
A security bypass via ChangeCipherSpec CCS Injection vulnerability has been reported in older versions of OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for keying material. The vulnerability can be exploited through the use of a man in the middle attack, where an attacke...
vBulletin install upgrade.php Privilege Escalation (CVE-2013-6129)
A privilege escalation vulnerability has been reported in vBulletin. A remote attacker may exploit this issue by sending a specially crafted POST message to the "install/upgrade.php" component of the server via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameter...
Eppler Software WebTester install2.php Script Command Execution
A command execution vulnerability has been reported in Eppler Software WebTester 5.x. The vulnerability is due to insufficient validation of the 'cpusername', 'cppassword' and 'cpdomain' parameters provided by the user. A remote unauthenticated attacker could exploit this vulnerability by sending...
Microsoft SQL 2000 Slammer Worm Denial of Service (CVE-2002-0649)
Slammer is a memory resident worm targeted to attack Microsoft SQL 2000. By propagating rapidly, the worm can cause a denial of service condition on affected targets...
ISPConfig Authenticated Arbitrary PHP Code Execution (CVE-2013-3629)
A code execution vulnerability has been reported in ISPConfig. The vulnerability is due to a flaw in the /content.php script that is triggered when parsing language files. An attacker could trigger this flaw via a specially crafted language file. Successful exploitation of this vulnerability coul...
GnuTLS Server Hello Session ID Heap Buffer Overflow (CVE-2014-3466)
A remote code execution vulnerability has been reported in GnuTLS. A remote attacker can exploit this vulnerability by sending a specially crafted ServerHello handshake message to an affected GnuTLS server...
OpenSSL DTLS Hello Message Denial of Service (CVE-2014-0221)
A Denial of Service vulnerability has been reported in older versions of OpenSSL. The vulnerability is due to a DTLS recursion flaw. A remote attacker can exploit this vulnerability by sending an invalid DTLS handshake to an OpenSSL DTLS client...
GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)
A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...
NETGEAR ReadyNAS np_handler Code Execution (CVE-2013-2751)
A security vulnerability was found in FrontView web interface in NETGEAR ReadyNAS RAIDiator. The vulnerability is due to the nphandler.pl script failing to sanitize input. A remote attacker can exploit this weakness by execute arbitrary Perl code via a crafted request...
OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)
A remote code execution vulnerability exists in OpenSSL. The vulnerability is due to an error when handling fragmented DTLS handshake messages. Successful exploitation can create a denial of service condition and may allow execution of arbitrary code within the context of the process using OpenSS...
vBulletin Nodeid Parameter SQL Injection (CVE-2013-3522)
An SQL injection vulnerability has been reported in vBulletin 5. The vulnerability is due to an insufficient validation on user input. A remote authenticated attacker could exploit this vulnerability by injecting a specially crafted SQL query via the nodeid parameter...
Symantec Workspace Streaming XML-RPC Arbitrary File Upload (CVE-2014-1649)
An arbitrary file upload vulnerability exists in Symantec Workspace. The vulnerability is due to lack of access control validation in the functionality used to process XMLRPC requests. A remote unauthenticated attacker could exploit this vulnerability by a sending specially crafted XML-RPC reques...
Wireshark MPEG File Parser Stack Buffer Overflow (CVE-2014-2299)
A buffer overflow vulnerability has been reported in Wireshark. The vulnerability is due to insufficient boundary checking when using mpeg file parser. An attacker can exploit this issue to crash the affected application...
WinRAR Filename Spoofing
A vulnerability in WinRAR allows attackers to spoof filenames within a compressed archive. A remote attacker can exploit this vulnerability to entice victims to run arbitrary files...
JIRA Issues Collector Directory Traversal (CVE-2014-2314)
A directory traversal vulnerability has been reported in the Issues Collector plugin in Atlassian JIRA. The vulnerability is due to insufficient validation of the 'filename' parameter provided by the user. A remote attacker could exploit this vulnerability by sending a specially crafted request t...
Digium Asterisk File Descriptor Invalid Headers Syntax Denial of Service (CVE-2014-2287)
A denial of service condition has been reported in Digium Asterisk. The vulnerability is due to file descriptor exhaustion from a large number of invalid SIP INVITE requests. A remote attacker can exploit this vulnerability to cause a denial of service condition...
CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)
An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...
Microsoft Office Chinese Grammar Checker Insecure Library Loading (MS14-023; CVE-2014-1756)
An insecure library loading vulnerability has been reported in Microsoft Office proofing tools. The vulnerability is due to the way that the Chinese Simplified Grammar Checker component handles the loading of dynamic-link library .dll files. A remote attacker could exploit this vulnerability by...
ClamAV Mail Filter Extension Crafted Recipient Command Execution - ver 2 (CVE-2007-4560)
A shell command injection vulnerability has been reported in ClamAV AntiVirus product. The vulnerability is due to an application who processes malicious SMTP commands. An unauthenticated attacker can exploit this vulnerability by delivering a crafted request to the target host, resulting in...
Katello update_roles Privilege Escalation (CVE-2013-2143)
A privilege escalation vulnerability has been reported in Katello. The vulnerability is due to a missing authorization at the "updateroles" action of "users" controller. A remote authenticated attacker may exploit this vulnerability to gain administrator privileges...
Adobe Reader Malformed JavaScript Security Bypass (APSB14-15: CVE-2014-0512)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Adobe Flash Player Sandbox Security Bypass (APSB14-14: CVE-2014-0518)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Adobe ColdFusion JRun Application Server Denial of Service (APSB13-19; CVE-2013-3349)
A denial of service vulnerability has been found on Adobe ColdFusion. A remote attacker can exploit this vulnerability by sending specially crafted data to a target system. This protection will detect and block attempts to exploit this vulnerability...
Multiple Vendors Router TCP Backdoor Remote Code Execution
A remote code execution vulnerability has been reported in Internet routers. The vulnerability is due to a TCP port backdoor. A remote attacker could exploit this vulnerability by sending a malicious request to a vulnerable router...
Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0526)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Oracle MySQL Server XPath Denial Of Service (CVE-2014-0384)
A memory-corruption vulnerability has been reported in the Oracle MySQL Server. This vulnerability is due to an error in the XPath component when processing queries containing XML function calls. A remote, authenticated attacker can exploit this vulnerability by sending a malicious SQL request to...
Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0524)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader API Calls Code Execution (APSB14-15; CVE-2014-0525)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Reader handles certain API calls to unmapped memory that could lead to code execution. A remote attacker can exploit this issue by enticing a target user to open a specially...
Adobe Acrobat and Reader Buffer Overflow (APSB14-15: CVE-2014-0529)
A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
SQL Servers Time-based SQL Injection (CVE-2011-4710; CVE-2019-13978; CVE-2019-16065; CVE-2019-16119; CVE-2019-16383; CVE-2019-16692; CVE-2020-15468; CVE-2020-26518; CVE-2020-29284; CVE-2021-21915; CVE-2021-21916; CVE-2021-21917; CVE-2022-23337; CVE-2022-25149)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers UNION Query-based SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers SQL Injection Evasion Techniques - ver 2
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MySQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized SQL Injection Command Execution
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers SQL Injection Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
ElasticSearch search Remote Code Execution (CVE-2014-3120)
A remote command execution vulnerability has been found in ElasticSearch. The vulnerability is due to the search function in the REST API which does not require authentication and allows dynamic scripts execution. A remote attacker can exploit this weakness to execute arbitrary code via a special...
Symantec Messaging Gateway Management Console Cross Site Scripting (CVE-2014-1648)
A reflected Cross-Site Scripting vulnerability exists in Symantec Messaging Gateway Management Console. The vulnerability is due to insufficient input validation of the "displayTab" parameter. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary script code in the...
SQL Servers Stack Query SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Blind SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MSSQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized Commands SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Oracle Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
OpenMediaVault Cron Remote Command Execution (CVE-2013-3632)
A security vulnerability was found in OpenMediaVault. OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system including root...
LibYAML Scanner yaml_parser_scan_uri_escapes Heap Buffer Overflow - ver 2 (CVE-2014-2525)
A heap buffer overflow vulnerability has been reported in LibYAML's scanner. This vulnerability is due to insufficient validation of percent encoded text in the URI of tags within YAML documents. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document...
Yokogawa CENTUM CS 3000 SCADA Service Buffer Overflow (CVE-2014-0783)
A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. A remote attacker can exploit this vulnerability by sending specially crafted packets...
NAS4Free exec.php Arbitrary Remote Code Execution (CVE-2013-3631)
A code execution vulnerability has been reported in NAS4Free. The vulnerability is due to "Advanced | Execute Command" feature that allows remote authenticated users to execute arbitrary PHP code via a request to exec.php. A remote unauthenticated attacker can exploit this vulnerability by execut...
Adobe Acrobat and Reader Buffer Overflow (APSB14-15; CVE-2014-0511)
A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...