13538 matches found
Microsoft Windows Common Controls Remote Code Execution - Ver2 (CVE-2012-1856)
A code execution vulnerability has been reported in the Windows Common Controls. The vulnerability is due to a corruption of the system state by the TabStrip ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected syst...
HP Managed printing Administration jobAcct Remote Command Execution - Ver2 (CVE-2011-4166)
A command execution vulnerability has been reported in Hp Managed Printing Administration. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Internet Explorer VML Remote Code Execution - Ver2 (CVE-2012-0155)
A code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object that has been deleted. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Microsoft Windows Cinepak Codec Remote Code Execution (MS10-055) - Ver2 (CVE-2010-2553)
The Cinepak codec is a media encoder and decoder supported by the Windows Media Player. A remote code execution vulnerability has been reported in the way the Cinepak codec handles supported format files. The vulnerability is due to an error in the Cinepak codec that fails to properly handle...
Microsoft Office PNG File Parsing Buffer Overflow - - Ver2 (CVE-2013-1331)
A buffer overflow vulnerability has been reported in Microsoft Office. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Office RTF File listid Use-After-Free - Ver2 (CVE-2012-2528)
A use-after-free vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a memory handling error while parsing specially crafted RTF Rich Text Format files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Microsoft DirectShow QuickTime Movie Parser Filter Code Execution - Ver2 (CVE-2009-1537)
Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The QuickTime Movie Parser filter splits Apple QuickTime data into audio and video streams. The vulnerability is due to the way Microsof...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)
An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Microsoft Windows Media Player ASX Parsing Buffer Overflow - Ver2 (CVE-2006-6134)
A buffer overflow vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to a buffer overflow error when processing malformed ASX file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GDI WMF File Rendering Code Execution - Ver2 (CVE-2005-2124)
A code execution vulnerability has been reported in Microsoft GDI. An attacker could exploit this vulnerability via a crafted Windows Metafile WMF format image. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Anonymous DoSer Denial of Service Tool
Anonymous DoSer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Web Servers Slow HTTP Denial of Service
A denial of service vulnerability has been reported in all web servers. The vulnerability is due to the server's inability to handle multiple specially crafted TCP packets. Remote attackers can exploit this issue by continuously sending small TCP data packets to the server...
HULK Denial of Service Tool
Hulk is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
GoldenEye Denial of Service Tool
GoldenEye is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...
Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301)
A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...
FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow - ver 2 (CVE-2014-1452)
A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote, unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of...
Poster Software PUBLISH-iT PUI File Processing Buffer Overflow (CVE-2014-0980)
A stack buffer overflow vulnerability exists in Poster Software PUBLISH-iT. The vulnerability is due to insufficient validation on the length of entry names in a "styl" record when processing PUI files. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a...
OpenSSL TLS Record Tampering Denial of Service (CVE-2013-4353)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an error in handling certain TLS records during the handshake process. A remote unauthenticated attacker could exploit this vulnerability by sending tampered records to a vulnerable SSL client which could be a server...
Apple Products SSLVerifySignedServerKeyExchange Security Feature Bypass (CVE-2014-1266)
There exists a security feature bypass vulnerability in Apple products. The vulnerability is due to the SSLVerifySignedServerKeyExchange function in the Secure Transport feature not checking the signature in a TLS Server Key Exchange message. This vulnerability allows man-in-the-middle attackers ...
SkyBlueCanvas CMS Remote Command Execution (CVE-2014-1683)
A remote code execution vulnerability has been reported in SkyBlueCanvas CMS. The vulnerability is due to the filebashMail function that allows remote attackers to execute arbitrary commands, when the pid parameter is 4. A remote attacker can exploit this vulnerability by execute arbitrary comman...
McAfee ePolicy Orchestrator XML External Entity (CVE-2014-2205)
An XML External Entity XXE vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to a design weakness in the ePO Web Console component. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...
OpenSSL ssl_get_algorithm2 TLS Denial of Service - ver 2 (CVE-2013-6449)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in sslgetalgorithms2 where the SSL/TLS version is obtained from an incorrect structure leading to a NULL pointer dereference when computing a message digest. A remote unauthenticated attacker can...
Squid Proxy DNS Response Spoofing (CVE-2005-1519; CVE-2007-3898)
There exists a vulnerability in Squid Web Proxy Cache in the processing of DNS lookups. The flaw is caused by predictable transaction identifiers in DNS requests generated by Squid. A remote attacker may leverage this vulnerability to use spoofed DNS responses to poison the DNS cache on the targe...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0307)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
WordPress Pingback Distributed Denial of Service
The XMLRPC Pingback function in WordPress can be used to force WordPress servers into sending HTTP requests to other servers. Remote attackers can leverage this function to conduct DDoS attacks by sending specially crafted HTTP requests to legitimate WordPress servers...
PHP GLOBALS Remote File Inclusion (CVE-2006-4966)
A Remote File Inclusion vulnerability has been reported in chumpsoft phpQuestionnaire. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This...
Secure Sockets Layer (SSL) Version 2.0 (CVE-2016-0703; CVE-2016-0704; CVE-2016-0800)
Secure Socket Layer SSL is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. This protocol is considered obsolete and insecure, and is deprecated in favor of the more advanced TLS protocol. This protection will detect and block any use ...
Fraudulent SSL Certificates Man-In-The-Middle
Fake SSL certificates may be used to carry out man-in-the-middle attacks against affected targets. Successful attacks would allow attackers to decrypt legitimate online traffic...
Adobe Flash Player Address Leak Buffer Overflow (APSB14-02; CVE-2014-0492)
An address leak vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the ActionScript Virtual Machine AVM while handling malicious Flash files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted SWF file...
Web servers PHPMyAdmin Misconfiguration Code Injection
A code injection vulnerability has been reported in PHPMyAdmin. The vulnerability is due to PHPMyAdmin misconfiguration. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...
Nessus Security Scanner
Nessus is a vulnerability scanning product. Remote attackers can use Nessus to detect vulnerabilities on a target server...
PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)
A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
A Cross-Site Scripting vulnerability has been reported in Apache HTTP servers. The vulnerability is due to lack of sanitization for data supplied in the HTTP request header. A remote attacker can exploit this vulnerability by sending an HTTP request containing crafted request header to the target...
Apache HTTP Server Format String Remote Code Execution
A remote code execution vulnerability has been reported in Apache HTTP servers. The vulnerability is due to the failure of the application in verifying string arguments that are passed to a formatting function. A remote attacker can exploit this vulnerability to inject and execute arbitrary code...
PostgreSQL Database geo_ops path_in Integer Overflow (CVE-2014-0064)
An integer overflow vulnerability has been found in PostgreSQL Database. The vulnerability is due to improper validation when processing a large number of points for a geometric data type. A remote authenticated attacker could exploit this vulnerability by sending malicious information to a table...
Microsoft IIS Input Validation Directory Traversal (CVE-2000-0884)
A directory traversal vulnerability has been reported in Microsoft IIS. The vulnerability is due to an input validation error in Microsoft IIS that does not properly sanitize the URI for directory traversal patterns. Successful exploitation of this vulnerability would allow the attacker to execut...
Apache Tomcat Server Malicious Request Information Disclosure (CVE-2002-2006; CVE-2002-2007; CVE-2002-2008)
An Information disclosure vulnerability has been reported in Apache Tomcat servers. The vulnerability is due to an error in the way Apache Tomcat handles specially crafted page requests. A remote attacker can exploit this vulnerability by sending crafted requests which will result in Apache Tomca...
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
A heap buffer overflow vulnerability has been reported in Oracle MySQL Client. This vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit this vulnerability by enticing the user to connect to a malicious server. Successful...
HP Data Protector CRS Multiple Stack Buffer Overflows (CVE-2013-6195)
Multiple stack buffer overflows exist in HP Data Protector. The vulnerabilities are due to a lack of input sanitization on Strings provided with various opcodes. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could...
Oracle Java Beans DocumentHandler XML External Entity (CVE-2014-0423)
A XML external entity XXE vulnerability exists in Oracle Java.This is due to an incorrectly configured XML parser in the Beans DocumentHandler interface that readily processes XML external entities by default. A remote unauthenticated attacker may exploit this vulnerability via specially crafted...
Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)
An infinite loop vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient boundary checks when processing the Content-Type header of a multipart request. A remote attacker could exploit this vulnerability by sending a large amount of data to the server causing it to use up...
Symantec Web Gateway blacklist.php Cross Site Scripting (CVE-2013-5013)
A cross-site scripting vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to an input validation error in blocklist.php. A remote attacker can exploit this vulnerability by enticing a user to follow a specially crafted URL or to submit a web form with crafted values...
RealNetworks RealPlayer RMP File Stack Buffer Overflow (CVE-2013-6877)
A stack buffer overflow exists in RealNetworks RealPlayer. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. The vulnerability is due to an error when parsing the version and encoding attributes of the XML declaration statement. An...
Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)
There exists an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value resulting in the CGI...
Apache Santuario XML Security for Java DTD Denial of Service (CVE-2013-4517)
A denial of service vulnerability exists in Apache Santuario XML Security for Java. The vulnerability is due to the allowing of Document Type Definitions DTDs when validating signatures. A remote attacker can exploit this vulnerability by providing a specially crafted XML signature. Successful...
WellinTech Multiple Products kxClientDownload ActiveX Remote Code Execution (CVE-2013-2827)
A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an...
Adobe Flash Player Information Disclosure (APSB14-08: CVE-2014-0504)
An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files...
Adobe Flash Player Same Origin Security Bypass (APSB14-08; CVE-2014-0503)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles URLs within HTML files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Microsoft Windows IPv6 Router Advertisements Denial of Service (MS14-006; CVE-2014-0254)
A denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to a design weakness in the IPv6 stack as it processes router advertisement packets. An attacker can exploit this vulnerability by sending a large number of specially crafted IPv6 packets to the...
Adobe Flash Player Cross-Site Scripting (APSB14-02: CVE-2014-0491)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted URLs. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...