13538 matches found
Adobe Flash Player Information Disclosure (APSB14-09: CVE-2014-0508)
An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an...
VideoLAN VLC Media Player MMS Plugin Stack Buffer Overflow - ver 2 (CVE-2012-1775)
A stack buffer overflow vulnerability has been reported in VLC Media Player. The vulnerability is due to insufficient bounds checking in the MMS access plugin while copying a hostname into a stack buffer. A remote attacker can exploit this issue by convincing a target user to open a specially...
IBM Lotus Domino LDAP Server Memory Exception (CVE-2006-0580; CVE-2006-4510)
A denial of service vulnerability exists in the IBM Lotus Domino LDAP Server component. The flaw is caused by improper validation of the user supplied data in an LDAP bind request. An attacker can exploit this vulnerability to terminate the target server which causes a denial of service condition...
OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)
An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server...
Adobe Flash Player Use After Free Code Execution (APSB14-09: CVE-2014-0507)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB14-09; CVE-2014-0506)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading SWF files. A remote attacker can exploit this issue by enticing the victim to open a malicious web page...
RealNetworks RealPlayer SWF Frame Handling Buffer Overflow - ver 2 (CVE-2007-5400)
There exists a heap buffer overflow vulnerability in the RealNetworks RealPlayer product. The vulnerability is due to a design error within the handling of frames in Shockwave Flash SWF files. A remote attacker can exploit this vulnerability to create a heap overflow condition in the target...
Nginx Request URI Verification Security Bypass (CVE-2013-4547)
There exists a security bypass vulnerability in Nginx. The vulnerability is caused by improper handling of unescaped space characters within URIs. A remote attacker can exploit this vulnerability to bypass security restrictions in certain configurations...
Microsoft Internet Explorer 7
Internet Explorer 7 IE7 is an older version of Microsoft Internet Explorer. Using IE7 may indicate suspicious activity...
Illegal TCP Options
TCP packet options may contain illegal values. Attackers can use specially crafted TCP packets for remote network attacks...
w3af Security Scanner
w3af is a vulnerability scanning product. Remote attackers can use w3af to detect vulnerabilities on a target server...
LibWhisker Security Scanner
LibWhisker is a vulnerability scanning product. Remote attackers can use LibWhisker to detect vulnerabilities on a target server...
Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1755)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1752)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
PostgreSQL Database Datetime Buffer Overflow (CVE-2014-0063)
A remote code execution vulnerability has been reported in PostgreSQL Database. The vulnerability is due to a stack buffer overflow when handling the Datetime string. A remote attacker can exploit the vulnerability by sending a malicious request to the target server...
Nikto Security Scanner
Nikto is a vulnerability scanning product. Remote attackers can use Nikto to detect vulnerabilities on a target server...
Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1753)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301) - ver 2
A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...
Google Android addJavascriptInterface Remote Code Execution
A remote code execution vulnerability has been reported in Google Android prior to 4.2. The vulnerability is due to an error in the addJavascriptInterface method within the WebView class, commonly used in numerous mobile applications. A remote attacker can exploit this vulnerability by persuading...
Google Chrome V8 JavaScript Engine Memory Corruption (CVE-2014-1705)
A memory corruption vulnerability exist in Google Chrome. The vulnerability is due to an error while processing JavaScript code by the V8 JavaScript Engine. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page...
Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1751)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
PHP JavaScript Website Redirection
A website redirection vulnerability has been reported in PHP. A remote attacker can exploit this vulnerability to load and run a malicious file served from a second compromised host...
BlackHole Toolkit URL Pattern Remote Code Execution
BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a specially crafted link...
Autodesk AutoCAD Insecure Library Loading (CVE-2014-0819)
An insecure library loading vulnerability has been reported in AutoCAD. The vulnerability is due to an improper dynamic link library DLL search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an AutoCAD file from a malicio...
BSQL Automated SQL Injection tool
BSQL is an automated SQL Injection tool. Remote attackers can use BSQL to fetch data from the database and execute SQL statements...
Havij Automated SQL Injection tool
Havij is an automated SQL Injection tool. Remote attackers can use Havij to fetch data from the database and execute SQL statements...
Pangolin Automated SQL Injection tool
Pangolin is an automated SQL Injection tool. Remote attackers can use Pangolin to fetch data from the database and execute SQL statements...
Sqlninja Automated SQL Injection tool
Sqlninja is an automated SQL Injection tool. Remote attackers can use Sqlninja to fetch data from the database and execute SQL statements...
Lighttpd Host Header mod_mysql_vhost SQL Injection (CVE-2014-2323)
A SQL injection vulnerability has been reported in Lighttpd Web Server. The vulnerability is due to insufficient sanitization of user supplied input in the Host header field of a request. A remote attacker could exploit this vulnerability by placing specially crafted data in the Host header field...
Sqlmap Automated SQL Injection tool
Sqlmap is an automated SQL Injection tool. Remote attackers can use Sqlmap to fetch data from the database and execute SQL statements...
Multiple PHP Servers R57shell Backdoor Command Execution
A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...
Apache Camel XSLT Component XML External Entity (CVE-2014-0002)
An XML External Entity XXE vulnerability has been reported in Apache Camel. The vulnerability is due to an error in handling XSL stylesheets in the XSLT component. A remote, unauthenticated attacker can exploit this vulnerability to disclose the contents of files accessible to Apache Camel's Java...
Autodesk AutoCAD Insecure FAS Loading (CVE-2014-0818)
A code execution vulnerability has been reported in AutoCAD. The vulnerability is due to using improper search path when loading FAS files. A remote attacker could exploit this vulnerability by enticing a user to process an FAS file from a malicious source...
Apache HTTP Server mod_log_config Denial of Service (CVE-2014-0098)
A denial of service vulnerability has been reported in Apache HTTP server. The vulnerability is due to a log processing error in the modlogconfig module. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server...
EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)
An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...
JBroFuzz Security Scanner
JBroFuzz is a vulnerability scanning product. Remote attackers can use JBroFuzz to detect vulnerabilities on a target server...
Google Chrome and Apple Safari Apple Webkit Ruby Memory Corruption - Ver2 (CVE-2011-1440)
A memory corruption vulnerability has been reported within Apple WebKit, a component of Apple Safari and Google Chrome web browsers and Apple iTunes. The vulnerability is due to an error in Apple Webkit while handling certain display properties within the ruby:before and ruby:after style sheet...
Adobe Acrobat JavaScript getIcon Method Buffer Overflow - Ver2 (CVE-2009-0927)
A buffer overflow vulnerability has been reported in Adobe Acrobat. The vulnerability is due to insufficient input validation in the getIcon method of a Collab object, while processing a crafted PDF file. Successful exploitation of this vulnerability could allow a remote attacker to execute...
HP SiteScope issueSiebelCmd SOAP Request Code Execution - Ver2 (CVE-2013-4835)
A command execution vulnerability has been found in HP SiteScope. The vulnerability is due to lack of authentication when handling "issueSiebelCmd" SOAP requests. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected service...
Adobe Photoshop Tiff File RLE Compression Buffer Overflow - Ver2 (CVE-2012-2027)
A buffer overflow vulnerability has been reported in Adobe Photoshop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple Safari out-of-bounds access Denial of Service - Ver2 (CVE-2008-2001)
A denial-of-service vulnerability has been reported in Apple Safari. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Akarru main_content.php bm_content Parameter PHP Code Execution - Ver2 (CVE-2006-4645)
A code execution vulnerability has been reported in Akarru Social Bookmarking Engine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HP Network Node Manager Cross-Site Scripting - Ver2 (CVE-2011-4156)
A cross-site scripting vulnerability has been reported in Hp Network Node Manager I. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Internet Explorer HtmlDlgHelper Class Memory Corruption - Ver2 (CVE-2010-3329)
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. Successful exploitation of...
Microsoft DirectShow AVI Parser Heap Overflow - Ver2 (CVE-2010-0250)
A buffer overflow vulnerability has been reported in Microsoft DirectShow. The vulnerability is due to the way Microsoft DirectShow component handles specially crafted AVI files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...
Microsoft Internet Explorer 8
Internet Explorer 8 IE8 is an older version of Microsoft Internet Explorer. Using IE8 may indicate suspicious activity. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS...
Oracle Java sun.tracing.ProviderSkeleton Sandbox Bypass Code Execution - Ver2 (CVE-2013-2460)
A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to Oracle Java allowing calls to arbitrary static methods with user supplied arguments via the invoke method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary...
Microsoft Word Crafted Sprm Structure Stack Memory Corruption - Ver2 (CVE-2008-4837)
A memory corruption vulnerability has been reported in Microsoft Office Word. The vulnerability is due to an error in Microsoft Word that fails to properly handle Word files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected syst...
MyNewsGroups layersmenu.inc.php myng_root Parameter PHP Code Execution - Ver2 (CVE-2006-3966)
A code execution vulnerability has been reported in MyNewsGroups. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Java Applet JAX-WS Remote Code Execution - Ver2 (CVE-2012-5076)
A security bypass vulnerability has been reported in Java Runtime Environment JRE. The vulnerability is due to insufficient access restriction in the default Java security properties configuration. A remote attacker can exploit this vulnerability by enticing a target user to open an untrusted,...