13538 matches found
Firefox HTML URL Unicode Stack Buffer Overflow - Ver2 (CVE-2008-0016)
A buffer overflow vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
B-net Software Content Management System shout.php name Parameter XSS - Ver2 (CVE-2006-0078)
A cross-site scripting vulnerability has been reported in Haddad Said B-net Software 1.0. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Multiple Antivirus Products TAR file parser Security Bypass - Ver2 (CVE-2012-1459)
A security bypass vulnerability has been reported in multiple antivirus products. A remote attacker could Successful exploitation of this vulnerability by using a specailly crafted TAR archive with a Tar archive entry with a length field corresponding to that entire entry, plus part of the header...
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
A denial-of-service vulnerability has been reported in PHP. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Windows Media Player ActiveX Missing Codec Code Execution - Ver2 (CVE-2010-0268)
A code execution vulnerability has been reported in Microsoft Windows Xp, Microsoft Windows Media Player and Microsoft Windows 2000. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft PowerPoint Converter SoundEntity Record Code Execution - Ver2 (CVE-2009-1128)
A code execution vulnerability has been reported in Microsoft Office PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafted older PowerPoint 95 formatted files. A remote attacker could exploit this vulnerability by...
Microsoft PowerPoint TxMasterStyle10Atom Processing Code Execution (MS08-051) - Ver2 (CVE-2008-1455)
Microsoft PowerPoint is a popular presentation program. . A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory calculation error in Microsoft PowerPoint when parsing bullet list values in specially crafted PowerPoint files. A remo...
Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)
A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...
Microsoft Windows LNK PIF Code Execution - Ver2 (CVE-2010-2568)
A code execution vulnerability has been reported in Microsoft Windows 7, Microsoft Windows Vista, Microsoft Windows Xp, Microsoft Windows 2003 Server, Microsoft Windows Server 2003 and Microsoft Windows Server 2008. Successful exploitation of this vulnerability could allow a remote attacker to...
Microsoft Windows Object Packager Dialogue Spoofing Command Execution - Ver2 (CVE-2006-4692)
A command execution vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CsSearch csSearch.cgi Arbitrary Command Execution - Ver2 (CVE-2002-0495)
A command execution vulnerability has been reported in Cgiscript.net Cssearch. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Internet Explorer Mouse Drag Hijack Arbitrary File Execution - Ver2 (CVE-2004-0841)
An arbitrary file execution vulnerability has been reported in Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute and install arbitrary programs on the affected system...
Microsoft Office Excel Record Parsing Use After Free (MS11-072) - Ver2 (CVE-2011-1986)
A remote code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to lack of validation of certain record structures while handling specially crafted Excel files. A remote attacker could trigger this vulnerability by enticing an unsuspecting user to open ...
Microsoft Works File Converter Heap Overflow - Ver2 (CVE-2012-0177)
A buffer overflow vulnerability has been reported in Microsoft Works. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Illustrator EPS File DSC Comment Buffer Overflow - Ver2 (CVE-2009-4195)
Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals, including web and interactive designers and developers, multimedia producers, motion graphics and visual effects designers, animators, and video professionals. A buffer overflow vulnerability has...
Microsoft Internet Explorer createTextRange Denial of Service - Ver2 (CVE-2006-1359)
A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Oracle Java FileDialog.Show Heap Buffer Overflow - Ver2 (CVE-2011-0802)
A remote code execution vulnerability has been reported in Oracle Java Runtime Environment.The vulnerability is due to insufficient validation of the selected file's default values size. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a web page...
MSN Messenger UIAutomation ActiveX Control Information Disclosure (MS08-050) - Ver2 (CVE-2008-0082)
Windows Messenger, MSN Messenger, and Windows Live Messenger are popular instant messaging clients for Microsoft Windows. An information disclosure vulnerability exists in Windows Messenger, MSN Messenger, and Windows Live Messenger. The vulnerability is caused by an ActiveX control that is marke...
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)
Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...
HP LoadRunner Virtual User Generator saveCodeRuleFile Directory Traversal (CVE-2013-4838)
A directory traversal vulnerability exists in HP LoadRunner Virtual User Generator. The vulnerability exists in the EmulationAdmin web service. The vulnerability is due to insufficient validation on the parameters of saveCodeRuleFile method sent via SOAP requests. A remote unauthenticated attacke...
Suspicious Non-Alphanumeric JavaScript Encoding
Certain evasion tools can obfuscate JavaScript code in order to circumvent security software. Successful exploitation could allow attackers to execute arbitrary code on the target...
Multiple Routers HNAP Insecure Implementation Privilege Escalation
Multiple routers are vulnerable to insecure implementations of the Home Network Administration Protocol HNAP. This vulnerability could allow unauthenticated users to view and configure administrative settings on the router...
Suspicious Html Encoding Within HTTP Responses
Html code can be encoded within HTTP responses. Such behavior can be used to circumvent security software...
Cisco WebEx Player ATAS32.DLL Remote Code Execution (CVE-2011-4004)
A remote code execution vulnerability has been reported in Cisco WebEx Player. The vulnerability is due to insufficient validation of some values in record Type 0x1F and Type 0xBB while processing WebEx Recording Format WRF files. A remote unauthenticated attacker can leverage this vulnerability ...
ISC BIND NSEC3-Signed Zones Queries Processing Denial of Service (CVE-2014-0591)
A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a failure to handle queries for NSEC3-signed zones. A remote attacker may exploit this vulnerability by sending a specially crafted query...
Suspicious HTML Containing Overly Long Text (CVE-2013-2551)
HTML files may include a text tag containing an overly long and suspicious strings. This behavior may indicate an exploitation attempt...
Joomla ofc_upload_image.php Unrestricted File Upload (CVE-2009-4140)
A remote code execution vulnerability has been reported in Joomla. The vulnerability is due to improper validation. A remote attacker can exploit this issue by uploading a specially crafted php file to the target...
Adobe Acrobat and Reader Memory Corruption (APSB14-01; CVE-2014-0495)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a memory corruption. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an attacker to execute...
Adobe Flash Player Double Free Remote Code Execution (APSB14-07; CVE-2014-0502)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful exploitation would allow an attacker to take complete control of the affected system...
PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)
A Code Injection vulnerability has been reported in PhpMyAdmin. The vulnerability is due to misconfiguration of PhpMyAdmin server. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in attacker-controlled script...
Novell Open Enterprise Server HTTPSTK Denial of Service (CVE-2013-3707)
A denial of service vulnerability exists in the HTTPSTK service in Novell Open Enterprise Server. The vulnerability is because the HTTPSTK service does not close TCP connections properly after a TCP handshake. A remote unauthenticated attacker can exploit this vulnerability by creating several...
Google Chrome XSSAuditor Filter Security Policy Bypass
A policy bypass vulnerability exists in Google Chrome. The vulnerability is due a design weakness in Chrome XSSAuditor. By inserting JavaScript in the srcdoc attribute of an IFRAME tag, the Cross-Site Scripting filter can be bypassed. An attacker can exploit this weakness to further facilitate...
Adobe Acrobat and Reader Memory Corruption (APSB14-01; CVE-2014-0493)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Oracle Java JNDI Sandbox Bypass (CVE-2014-0422)
A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to the insecure getContextClassLoader method in the JNDI component. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...
IBM Rational Focal Point RequestAccessController Servlet Information Disclosure (CVE-2013-5398)
An information disclosure vulnerability has been reported in IBM Focal Point. The vulnerability is due to input validation error of file variable in com.telelogic.focalpoint.pres.controller.RequestAccessController servlet. A remote unauthenticated attacker could exploit this vulnerability to read...
IBM Forms Viewer XFDL Form Processing Stack Buffer Overflow (CVE-2013-5447)
A stack buffer overflow vulnerability exists in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially...
PHP Filter Wrapper Information Disclosure
An information disclosure vulnerability has been reported in the PHP filter wrapper function. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...
Oracle Fusion Middleware Remote File Inclusion
A remote file inclusion vulnerability has been reported in the Oracle Reports component of Oracle Fusion Middleware. The vulnerability is due to incorrect website configuration that could allow a remote attacker to execute unauthenticated network attacks over HTTP...
EMC CMCNE http-file-upload.war FileUploadController Arbitrary File Upload (CVE-2013-6810)
A code execution vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of http-fileupload .war when processing HTTP requests. A remote unauthenticated...
Google Picasa CR2 TIFF StripByteCounts Integer Overflow (CVE-2013-5357)
An integer overflow vulnerability exists in Google Picasa. The vulnerability is due to a failure to validate StripByteCounts value when processing CR2 TIFF files. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted CR2 image file with a vulnerable versi...
IBM Rational Focal Point Login Servlet Information Disclosure (CVE-2013-5397)
An information disclosure vulnerability has been reported in IBM Rational Focal Point. The vulnerability is due to an input validation error of the file variable in com.telelogic.focalpoint.pres.controller.LoginController servlet. A remote, unauthenticated attacker could exploit this vulnerabilit...
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload (CVE-2013-3215)
A remote code execution vulnerability has been reported in VTiger CRM.The vulnerability is due to lack of validation of file types uploaded to the server throught the AddEmailAttachment SOAP service. A remote attacker can exploit this vulnerability to access the script remotely and have it run th...
Adobe Flash Player Memory Corruption (APSB13-26; CVE-2013-5330)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
MW6 Technologies Aztec ActiveX Control Buffer Overflow (CVE-2013-6040)
A buffer overflow vulnerability exists in MW6 Technologies Aztec ActiveX Control. The vulnerability is due to improperly handled user input in the 'Data' parameter. A remote attacker could exploit the vulnerability via a specially crafted web page...
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...
FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow (CVE-2014-1452)
A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote,unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of bsnm...
Microsoft Internet Explorer Use-After-Free Code Execution (CVE-2014-0322)
A use-after-free vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP Easter Egg Information Disclosure
An information disclosure vulnerability has been reported in the PHP pages. The vulnerability is due to incorrect web server configuration. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...
Microsoft Word File Handling Memory Corruption (MS08-009) - ver 2 (CVE-2008-0109)
Microsoft Word is a popular word processor. By sending a specially crafted Word document, an attacker can cause a memory corruption, and remotely execute arbitrary code on the affected system...