13538 matches found
TLS Servers Cipher Suites Vulnerability Scanning Tools
Several vulnerability scanning tools are designed to gather supported cipher suites information from TLS servers. Such scans might indicate an attempt to disclose information about a server, as a preparation for an attack...
Ecava IntegraXor Buffer Overflow (CVE-2010-4597)
A remote code execution vulnerability has been reported in Ecava IntegraXor. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...
OpenSSL do_ssl3_write Denial of Service (CVE-2014-0198)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in dossl3write in ssl/s3pkt.c. A remote unauthenticated attacker could exploit this vulnerability by triggering the generation of an Alert, leading to a NULL pointer dereference and causing a deni...
Microsoft Windows iSCSI Target Denial of Service (MS14-028; CVE-2014-0255)
A denial-of-service vulnerability exists in Microsoft Windows Servers where the iSCSI target role is enabled. The vulnerability is due to memory exhaustion when handling iSCSI packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a large number of specially craft...
Adobe Acrobat And Reader Use-After-Free (APSB14-15; CVE-2014-0527)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitatio...
JavaScript Malicious Obfuscation Techniques - Ver2
Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Since the exploits are obfuscated they may not be detected by IDS and IPS systems, thus allowing attackers to successfully attack target machines...
Schneider Electric ClearSCADA OPF File Parsing Out of Bounds Array Indexing (CVE-2014-0779)
A code execution vulnerability has been reported in Schneider Electric ClearSCADA. The vulnerability is due improper validation of a length parameter that is used to index an array in the OPF File parsing component. A remote attacker could exploit this vulnerability by enticing the target user to...
RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Command Execution
Multiple remote command execution vulnerabilities exist in RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX. The vulnerabilities are due to design flaws in three insecurely implemented methods. An attacker can leverage these vulnerabilities by enticing a target user to open a crafted web page...
RARLAB WinRAR Zip Format Filename Spoofing
A file name spoofing vulnerability has been reported in RARLAB's WinRAR. The vulnerability is due to a design weakness when processing zip format archives. Successful exploitation could allow for arbitrary code execution in the security context of the logged in user...
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
A denial of service vulnerability has been reported in PHP Fileinfo. Successful exploitation could result in a denial of service condition. The vulnerability is due to call stack exhaustion when mget handles a magic string. A remote attacker can exploit this flaw by sending a malicious request...
OpenLDAP rwm Overlay Denial of Service - ver 2 (CVE-2013-4449)
A denial of service vulnerability has been reported in OpenLDAP. The vulnerability is due to an error in reference counting in the rwm overlay. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server...
CA Erwin Web Portal Multiple Directory Traversal Vulnerabilities (CVE-2014-2210)
Multiple directory traversal vulnerabilities have been reported in CA ERwin Web Portal. The vulnerabilities are due to lack of authentication and insufficient input validation in the FileAccessServiceProvider and ProfileIconServlet servlets when processing HTTP requests. By sending crafted HTTP...
Adobe Flash Player Memory Corruption (APSB14-14: CVE-2014-0510)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Advantech WebAccess SCADA webvact.ocx UserName Buffer Overflow (CVE-2014-0770)
A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the UserName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. Successful exploitation could lead to code execution in the context of the...
PHP Libmagic Portable Executable Out-Of-Bounds Memory Access (CVE-2014-2270)
An out-of-bounds memory access vulnerability exists in PHP Libmagic. The vulnerability is due to the way the file utility determines the type of Portable Executable PE format files. A remote attacker can exploit this flaw by uploading a malicious PE file to a vulnerable server...
Xerox DocuShare ResultBackgroundJobMultiple SQL Injection
An SQL injection vulnerability has been reported in Xerox DocuShare. The vulnerability is due to insufficient validation of requests sent to ResultBackgroundJobMultiple. A remote attacker can exploit this vulnerability by sending a specially crafted request to the target service. This can result ...
Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)
An arbitrary PHP code execution vulnerability has been reported in Horde . An attacker can exploit this vulnerability to execute arbitrary code with the permissions of the web server...
Apache Struts ActionForm ClassLoader Security Bypass (CVE-2014-0114)
A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by the ActionForm class allowing for manipulation of the ClassLoader. A remote unauthenticated attacker could exploit this vulnerability by providing a "class" parameter in...
FreePBX config php Code Execution (CVE-2014-1903)
FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...
Red Hat JBoss Seam InterfaceGenerator Information Disclosure (CVE-2013-6448)
An information disclosure vulnerability exists in Red Hat JBoss Seam Framework. This is due to a design flaw in the InterfaceGenerator handler that allows it to expose details of all classes on the server's classpath. A remote unauthenticated attacker may exploit this vulnerability on a web...
Adobe Reader Mobile JavaScript Interface Java Code Execution (CVE-2014-0514)
A code execution vulnerability exists in Adobe Mobile Reader for Android. The vulnerability is due to a failure to restrict access to certain JavaScript interfaces. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted document...
Yokogawa CENTUM CS 3000 SCADA Remote Code Execution (CVE-2014-0782)
A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to insecure usage of memory creation...
InduSoft Web Studio Directory Traversal (CVE-2014-0780)
A directory traversal vulnerability has been reported in InduSoft Web Studio. The vulnerability is due to insufficient validation of certain requests while using the development web server. An unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable...
Advantech WebAccess SCADA bwocxrun.ocx Command Execution (CVE-2014-0773)
A command execution vulnerability has been reported in Advantech WebAccess SCADA software. The vulnerability is due to insufficient input validation while parsing the first parameter of the bwocxrun.ocx ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by entici...
Red Hat CloudForms Management Engine SQL Injection (CVE-2013-2050)
An SQL injection has been reported in Red Hat CloudForms Management Engine. The vulnerability is due to improper sanitization of in the "explorer" action of "miqpolicy" controller. A remote attacker can exploit this vulnerability via the profile parameter in an explorer action...
Linux Kernel IPv6 Router Advertisement Packets Processing Denial of Service (CVE-2014-2309)
A denial of service vulnerability exists in the Linux kernel. The vulnerability is due to the way it handles IPv6 router advertisement packets. A remote attacker can exploit this vulnerability by sending maliciously crafted packets to a vulnerable system...
Red Hat CloudForms AgentController Directory Traversal (CVE-2013-2068)
A directory traversal vulnerability has been reported in Red Hat CloudForms. This vulnerability is due to improper sanitization of of the "filename" GET parameter passed to the "linuxpkgs" method of the AgentController. A remote unauthenticated attacker can exploit this vulnerability by sending...
Yokogawa CENTUM CS 3000 SCADA Buffer Overflow (CVE-2014-0784)
A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...
Microsoft Internet Explorer Memory Corruption (MS14-029; CVE-2014-0310)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
China Chopper Web Shell Remote Code Execution
China Chopper Web Shell is a malware designed to infect Web servers. The malware has a Web shell command-and-control CnC client binary and a text-based Web shell payload server component. Post infection, the malware enables remote attackers to execute arbitrary code on affected systems...
Adobe ColdFusion Server invoke() Method Code Execution (CVE-2013-3350)
A remote code execution has been reported in Adobe ColdFusion server. The vulnerability is due to a bug in the invoke method. A remote attacker can exploit this issue by changing values on a page hosted on the affected server...
Microsoft Internet Explorer Memory Corruption (MS14-029: CVE-2014-1815)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Advantech WebAccess SCADA webvact.ocx NodeName Buffer Overflow (CVE-2014-0764)
A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the NodeName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by...
Microsoft SharePoint Cross-site Scripting (MS14-022; CVE-2014-1754)
An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...
Microsoft Windows SMB Response Handling Buffer Overflow - ver 2 (CVE-2005-0045)
A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client component. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system. Successful exploitation would allow an attacker to take comple...
Executable File With Non-Executable File Extension Arbitrary File Execution
Certain malicious executable files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Cisco Prime Security Manager Cross-Site Scripting (CVE-2014-2118)
A cross-site scripting vulnerability has been reported in Cisco Prime Security Manager. The vulnerability is due to lack of sanitation on URL parameters. A remote attacker can exploit this vulnerability by sending a specially crafted request to an affected server...
Conficker Shellcode Remote Code Execution
Conficker is a computer worm that targets Windows users. Once resident, the worm has several mechanisms for pushing or pulling executable payloads over the network. These payloads are used by the worm to update to newer variants and to install additional malware...
Tftpd32 DNS Server Buffer Overflow - ver 2
A buffer overflow vulnerability has been reported in Tftpd32. The vulnerability is due to an error in the way the DNS component of Tftpd32 handles specially crafted domain labels. A remote attacker can exploit this issue by sending a specially crafted DNS query to a vulnerable Tftpd32 server...
GnuTLS Certificate Verification Policy Bypass (CVE-2014-0092)
A policy bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in validating certificates. A remote attacker can employ this vulnerability to bypass certificate validation performed by an application using a vulnerable version of the GnuTLS library...
Vtiger CRM Install Script Remote Command Execution
A command execution vulnerability has been reported in Vtiger CRM. The vulnerability is due to an arbitrary command execution in install script. A remote attacker may exploit this vulnerability by overwriting the target database configuration...
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java...
FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)
A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny servi...
Samba Root File System Access Security Bypass (CVE-2009-0022)
A security bypass vulnerability exists in Samba. The vulnerability is due to a design weakness when registry based share definition is enabled. A remote attacker may leverage this vulnerability to gain read-only access to the local file system in the security context of the Samba service...
Synology DiskStation Manager SLICEUPLOAD Code Execution (CVE-2013-6955)
An arbitrary file upload vulnerability exists in Synology DiskStation Manager. The vulnerability exists in webman/imageSelector.cgi. A remote unauthenticated attacker can append data to files by sending specially crafted HTTP requests to the server and execute arbitrary code through that...
IcoFX Stack Buffer Overflow (CVE-2013-4988)
A stack buffer overflow has been reported in IcoFX. The vulnerability is due to an error while parsing specially crafted .ico files. A remote attacker can exploit this issue by enticing a user to open a malicious .ico file...
Oracle Java ServiceLoader Exception Handling Sandbox Bypass (CVE-2014-0457)
A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a flaw in exception handling of the ServiceLoader class. This flaw could be used to disable the security manager and run Java code with full privileges. A remote, unauthenticated attacker can exploit this...
Nagios Remote Plugin Executor Command Injection
A command injection vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters containing newline characters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on th...
Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)
A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with t...
SSH Over DNS Tunneling
SSH over DNS tunneling can be used by attackers to disclose unauthorized information. A remote attacker can use DNS tunneling methods to circumvent security products...