13538 matches found
IBM Lotus Quickr qp2.cab ActiveX Control Integer Overflow (CVE-2013-3026)
A buffer overflow vulnerability exists in IBM Lotus Quickr for Domino. The vulnerability is due to an integer overflow within the qp2.cab ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer. Successful...
HP ProCurve Manager SNAC GetDomainControllerServlet Policy Bypass
A policy bypass vulnerability has been reported in HP ProCurve Manager SNAC. The vulnerability is due to a design weakness in the GetDomainControllerServlet class. A remote attacker could exploit the vulnerability by sending specially crafted data to a vulnerable version of the software. Successf...
HP LoadRunner XDR Data Handling Heap Buffer Overflow (CVE-2013-4799)
A heap buffer overflow vulnerability exists in HP LoadRunner. The vulnerability is due to an insufficient check on the length value of XDR encoded data within an incoming request. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the...
Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)
A remote code execution vulnerability has been reported in ForemanRed Hat OpenStack. The vulnerability is due to improper sanitization of certain parameters. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation would allow an...
TCP Off Path Sequence Number Inference
An Internet connection hijack vulnerability has been reported in network devices...
PineApp Mail-SeCure confpremenu.php Install License Command Injection
A command injection vulnerability has been reported in PineApp Mail-SeCure...
Oracle Java Runtime Environment ShortComponentRaster.verify Memory Corruption (CVE-2013-2472)
A memory corruption vulnerability exists in Oracle's Java Runtime. The vulnerability is due to insufficient input validation on ShortComponentRaster.verify method parameters which will lead to bypassing of "dataOffsets0" boundary checks when the "numDataElements" field is 0. A remote attacker can...
Multiple Products XML System External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0054; CVE-2014-0423)
A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...
XnView PCT File Processing Buffer Overflow (CVE-2013-2577)
A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution ...
HP Data Protector CRS Opcode 235 Stack Buffer Overflow (CVE-2013-2325)
A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 235, which can result in a stack buffer overflow. A remote, unauthenticated...
Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)
A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...
PHP php_quot_print_encode Heap Buffer Overflow (CVE-2013-2110)
A heap buffer vulnerability exists in phpquotprintencode function in PHP...
Mozilla Firefox XMLSerializer use-after-free (CVE-2013-0753)
A use-after-free vulnerability has been reported in Mozilla Firefox...
HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)
A command injection vulnerability exists in HP SiteScope SOAP component...
Sun Java Web Start Double Quote Injection (CVE-2012-1533)
A remote code execution vulnerability has been in Java Web Start...
Apple QuickTime enof Atom Parsing Heap Buffer Overflow (CVE-2013-0986)
A remote code execution vulnerability has been reported in Apple QuickTime...
PineApp Mail-SeCure confpremenu.php Export Log Command Injection
A command execution vulnerability has been reported in PineApp Mail-SeCure...
Trimble Navigation SketchUp BMP File Buffer Overflow (CVE-2013-3664)
A remote code execution vulnerability exists in Trimble Navigation's Sketchup...
HP LeftHand Virtual SAN Appliance Hydra Login Code Execution (CVE-2012-3284)
A Code Execution vulnerability has been reported in HP LeftHand Virtual SAN Appliance...
PineApp Mail-SeCure conflivelog.pl Command Injection
A command injection vulnerability exists in PineApp Mail-SeCure. The vulnerability is due to an input validation error in conflivelog.pl of the administration interface. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful...
appRain CMF Arbitrary PHP File Upload (CVE-2012-1153)
An arbitrary file upload vulnerability has been reported in appRain's Content Management Framework...
Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)
The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...
ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution (CVE-2011-4535)
A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer...
Apple QuickTime alis Volume Name Parsing Stack Buffer Overflow (CVE-2013-1017)
A stack buffer overflow vulnerability has been reported in Apple QuickTime...
Tiki Wiki PHP unserialize() Remote Code Execution (CVE-2012-0911)
A remote code execution vulnerability has been reported in Tiki Wiki...
HP LoadRunner WriteFileString Directory Traversal - ver 2 (CVE-2013-4798)
A directory traversal and file overwrite vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient input sanitization, which permits directory traversal in theWriteFileString method. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visi...
Procyon Core Server HMI Memory Corruption SCADA Remote Code Execution (CVE-2011-3322)
A remote overflow vulnerability has been reported in Procyon Core Server HMI service...
HP LoadRunner lrFileIOService ActiveX Control Input Validation Error (CVE-2013-2370)
An input validation error has been reported in HP LoadRunner...
Chasys Draw IES BMP Buffer Overflow (CVE-2013-3928)
A buffer overflow vulnerability has been reported in Chasys Draw IES. The vulnerability is due to an image parsing input validation error in Chasys Draw IES when parsing a file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file. Successful exploitation will...
Microsoft Internet Explorer Memory Corruption (CVE-2013-3893)
A remote code execution vulnerability has been reported in Internet Explorer...
Oracle Endeca Server createDataStore Remote Command Execution (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
VLC Media Player ABC File Parts Field Parsing Heap Integer Overflow
A remote code execution vulnerability has been reported in the libmodplug library used by VLC Media Player. The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow. A remote attacker can exploit this vulnerability by enticing an...
Scada Engine BACnet OPC Client SCADA Remote Code Execution (CVE-2010-4740)
A buffer overflow vulnerability has been reported in SCADA Engine's BACnet OPC Client. The vulnerability is due to a boundary check error. A remote attacker may exploit this issue by sending specially crafted malicious file to be opened using the affected product. Successful exploitation could...
HP Data Protector CRS Multiple Opcodes Stack Buffer Overflow (CVE-2013-2324)
A buffer overflow vulnerability has been reported in HP Data Protector. The vulnerability exists in the Cell Request Service CRS.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcodes 207, 210, 236, 243, and 265 which can result in a stack buffer...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3207)
A remote code execution vulnerability exists in Internet Explorer...
Microsoft Word Memory Corruption (MS13-072: CVE-2013-3854)
A remote code execution vulnerability has been reported in Microsoft Word...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3206)
A remote code execution vulnerability exists in Internet Explorer...
Microsoft Excel Read Access Violation Remote Code Execution (MS13-073; CVE-2013-3158)
A remote code execution vulnerability has been reported in Microsoft Excel...
Microsoft Word Memory Corruption (MS13-072: CVE-2013-3856)
A remote code execution vulnerability has been reported in Microsoft Word...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3209)
A remote code execution vulnerability exists in Internet Explorer...
Microsoft Word Memory Corruption (MS13-072: CVE-2013-3852)
A remote code execution vulnerability has been reported in Microsoft Word...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3208)
A remote code execution vulnerability exists in Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3845)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft LDAP Remote Anonymous Denial of Service (MS13-079; CVE-2013-3868)
A denial of service vulnerability exists in implementations of Microsoft Active Directory...
WPD files
WordPerfect documents have common file extensions ".WP" and ".WPD", which is used by Corel's proprietary word processing application, WordPerfect. Its popularity was based on the fact that it had been available for a wide variety of computers and operation systems, including Mac OS, Linux, and...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3204)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft SharePoint POST Cross-site Scripting (MS13-067; CVE-2013-3180)
An elevation of privilege exists in Microsoft SharePoint Server...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3203)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3205)
A remote code execution vulnerability exists in Internet Explorer...
Microsoft FrontPage XML Information Disclosure (MS13-078; CVE-2013-3137)
An information disclosure vulnerability exists in FrontPage...