13538 matches found
VLC Media Player RTSP Plugin Stack Buffer Overflow (CVE-2013-6933)
A stack buffer overflow exists in VideoLAN VLC Media Player. The vulnerability is due an error in VLC's embedded Live555 RTSP library, when handling RTSP requests. Incorrect handling of RTSP commands can result in a stack buffer overflow. A remote unauthenticated attacker could exploit this...
VICIdial Manager Send OS Command Injection (CVE-2013-4468)
An OS Command Injection vulnerability has been reported in VICIdial Manager. The vulnerability is due to a web application uses unsanitized user input. A remote attacker could trigger this flaw by using a crafted SQL parameter value...
WellinTech Multiple Products kxClientDownload ActiveX Remote Code Execution (CVE-2013-2827)
A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an...
HP Data Protector Opcode 42 Directory Traversal (CVE-2013-6194)
A directory traversal vulnerability has been reported in HP Data Protector. The vulnerability is due to a lack of input sanitization on a file name provided with Opcode 42. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...
HP Data Protector Opcode 45 and 46 Code Execution (CVE-2013-2348)
Multiple vulnerabilities have been reported in HP Data Protector. Both vulnerabilities are due to insufficient input validation on a string supplied with a message containing opcodes 45 or 46. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...
HP Data Protector EXEC_BAR Command Execution (CVE-2013-2347)
A command execution vulnerability has been reported in HP Data Protector. The vulnerability is due to a lack of input sanitization on a string provided with Opcode 11. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service...
Web Servers HTTP Response Splitter Cache Poisoning
A Cache Poisoning vulnerability has been identified in multiple web servers. The vulnerability is due to an error in the way the web server sanitizes user input. A remote attacker can exploit this vulnerability by sending a malicious request to the server...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0298)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0324)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...
OpenVAS Security Scanner
OpenVAS is a vulnerability scanning product. Remote attackers can use OpenVAS to detect vulnerabilities on a target server...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0297)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Kerberos Cross-Realm Referrals KDC NULL Pointer Dereference Denial of Service (CVE-2013-1417)
A denial of service vulnerability has been reported in Kerberos. The vulnerability is due to a NULL pointer dereference within the "processtgsreq" function. A remote attacker can exploit this vulnerability by sending a specially crafted request to a KDC serving a realm...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0306)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0302)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0305)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0309)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0311)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0312)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...
Microsoft Word Memory Corruption (MS14-001; CVE-2014-0258)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially craft...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0303)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0314)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0313)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...
Microsoft ASP.NET POST Request Denial of Service (MS14-009; CVE-2014-0253)
A denial of service vulnerability exists in Microsoft ASP.NET. The vulnerability is caused when the .NET Framework improperly identifies stale or closed HTTP client connections. A remote attacker can trigger this flaw by sending a small number of specially crafted requests to an affected server...
Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0299)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0304)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Symantec Endpoint Protection Manager XML External Entity Denial Of Service (CVE-2013-5014)
A XML external entity XXE vulnerability exists in Symantec Endpoint Protection Manager SEPM. This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially...
OpenSSL DTLS Retransmission Denial of Service (CVE-2013-6450)
A use after free vulnerability has been reported in OpenSSL's handling of DTLS. The flaw is due to the clearing of DTLS context variable prior to a retransmission. This could lead to the OpenSSL application crashing resulting in a denial of service condition. A remote attacker could exploit this...
Joomla! JomSocial Input Validation Remote Code Execution
A remote code execution vulnerability has been reported in Joomla!. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...
ESF pfSense Snort snort_log_view.php Information Disclosure
An information disclosure vulnerability exists in the pfSense Snort service. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could use this vulnerability to retrieve valuable information from the server...
DirBuster Security Scanner
DirBuster is a vulnerability scanning product. Remote attackers can use DirBuster to detect vulnerabilities on a target server...
HP AIO Archive Query Server oasoa.exe Stack Buffer Overflow (CVE-2013-6189)
A stack buffer overflow vulnerability exists in HP Application Information Optimizer. The vulnerability is due to insufficient sanitization on the range of the opcode value. A remote unauthenticated attacker can leverage this vulnerability by sending crafted messages to the server...
ESF pfSense webConfigurator firewall_aliases_edit.php Input Validation Error
An input validation error vulnerability exists in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of user supplied input when processing the addressN parameter in firewallaliasesedit.php. A remote authenticated attacker could exploit this vulnerability...
OpenSSL ssl_get_algorithm2 TLS Denial of Service (CVE-2013-6449)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in sslgetalgorithms2 where the SSL/TLS version is obtained from an incorrect structure leading to a NULL pointer dereference when computing a message digest. A remote unauthenticated attacker can...
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
A denial of service vulnerability has been reported in Apache Tomcat. This vulnerability is due to Tomcat not discarding any extensions included in very long Chunked-transfer requests, even if they were not processed. A remote attacker could exploit this vulnerability by sending a large amount of...
phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)
A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...
Adobe Flash Player Memory Corruption (APSB14-07: CVE-2014-0499)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
WordPress Plugin AdRotate SQL Injection (CVE-2014-1854)
An SQL injection vulnerability has been reported in the AdRotate plugin for WordPress. Remote attacker can exploit this vulnerability to execute arbitrary SQL commands on the target...
Adobe Flash Player Memory Corruption (APSB14-07: CVE-2014-0498)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft WordPad Text Converter Buffer Overflow - Ver2 (CVE-2010-2563)
A buffer overflow vulnerability has been reported in Microsoft Windows Server 2003 Service Pack 2. A remote attacker could trigger this vulnerability by enticing a vulnerable target to open a specially crafted document file. Successful exploitation of this vulnerability could allow a remote...
Redmine Repository Controller Command Execution - Ver2 (CVE-2011-4929)
A command execution vulnerability has been reported in Redmine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Mozilla Firefox Link Tag Code Execution - Ver2 (CVE-2005-1155)
A code execution vulnerability has been reported in Mozilla Firefox and Mozilla Mozilla. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Firefox Hyphenated URL Buffer Overflow - Ver2 (CVE-2005-2871)
A buffer overflow vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Windows MP3 Media File Format Parsing Code Execution - Ver2 (CVE-2009-2499)
A code execution vulnerability has been reported in Microsoft Windows. A remote attacker could exploit this vulnerability by convincing a user to open a specially crafted MP3 file or receive specially crafted streaming content. Successful exploitation of this vulnerability could allow a remote...
Mozilla Firefox Javascript Deleted Frame Reference Code Execution - Ver2 (CVE-2006-3801)
A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SAP Internet Transaction Server wgate.dll service Parameter XSS - Ver2 (CVE-2003-0749)
A cross-site scripting vulnerability has been reported in SAP Internet Transaction Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Microsoft Office Excel Field Sanitization Remote Code Execution (MS09-067) - Ver2 (CVE-2009-3134)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...
Adobe Reader JavaScript spell.customDictionaryOpen Method Memory Corruption - Ver2 (CVE-2009-1493)
Adobe develops products for creating, distributing, and viewing Portable Document Format PDF documents. Adobe Reader is a viewer application that allows for reading and the printing of PDF documents. Adobe Acrobat provides PDF authoring functionality in addition to those of viewing. A buffer...
Oracle Java java.util.concurrent.ConcurrentHashMap Memory Corruption - Ver2 (CVE-2013-2426)
A memory corruption vulnerability has been reported in Oracle Java. This protection will detect and block attempts to exploit this vulnerability...
Microsoft Excel Embedded Object Validation Integer Overflow - Ver2 (CVE-2008-3477)
An integer overflow vulnerability has been reported inMicrosoft Office Excel. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Neutrino Exploit Kit Landing Page Code Execution
Neutrino is an exploit kit that operates by delivering malicious payload to a victim's computer. Remote attackers can infect users with Neutrino by enticing them to visit a malicious landing page...