13538 matches found
Oracle MySQL for Windows Elevation of Privilege (CVE-2012-5613)
A remote code execution vulnerability has been reported in Oracle MySQL servers...
TWiki MAKETEXT Remote Command Execution (CVE-2012-6329)
The vulnerability is due to lack of input sanitization in the affected function. A remote attacker can exploit this issue by sending a specially crafted input to the application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands...
Apache Web Server Plesk Control Panel Configuration Code Execution
A remote code execution vulnerability that affects Apache web servers has been reported in Plesk Control Panel...
DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)
A PHP code injection vulnerability has been reported in DataLife Engine 9.7...
HP System Management Home Page Command Injection (CVE-2013-3576)
A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...
vBSEO Remote PHP Code Injection (CVE-2012-5223)
A Remote PHP Code Injection has been reported in vBSEO...
Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)
A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...
Oracle Java Font Parsing mort Table Ligature Subtable Buffer Overflow
A stack buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to validate the data TrueType TTF font file. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged...
Mutiny FrontEnd Arbitrary File Upload (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet file upload function from the frontend on the Mutiny 5 appliance. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root...
Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)
The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...
Preemptive Protection against Microsoft Office File Parsing Buffer Overflow (MS13-051; CVE-2013-1331)
A remote code execution vulnerability has been reported in Microsoft Office...
Cisco WebEx Recording Format Player atas32.dll Integer Overflow (CVE-2012-1336)
A code execution vulnerability has been reported in Cisco WebEx Recording Format WRF Player. The vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and...
IBM SPSS SamplePower Vsflex8l ActiveX Control Buffer Overflow (CVE-2012-5945)
A code execution vulnerability exists in the VsVIEW6.ocxActiveX control, which is shipped as part of IBM SPSS SamplePower...
BigAnt Server DDNF Request Stack Buffer Overflow
A stack buffer overflow vulnerability has been reported in BigAnt Server...
SAP NetWeaver SXPG_CALL_SYSTEM Remote Code Execution
A vulnerability has been reported in SAP NetWeaver SXPGCALLSYSTEM...
OPC UA Delete Subscriptions Response Command
...
MiniUPnP MiniUPnPd ProcessSSDPRequest Denial of Service (CVE-2013-0229)
A denial of service vulnerability has been reported in MiniUPnP MiniUPnPd. The vulnerability is due to a boundary error in ProcessSSDPRequest function. A remote attacker can exploit this vulnerability by sending specially crafted packet to the target. Successful exploitation could cause the servi...
Microsoft Windows Remote Desktop Protocol Denial of Service (MS05-041) - High Confidence (CVE-2005-1218)
A vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP. Remote Desktop Protocol RDP lets users create a virtual session on their desktop computers, allowing them to access all the data and applications on their computers. To trigger the vulnerability, an attacker could send a...
Wordpress W3 Total Cache PHP Code Execution
A remote code execution vulnerability has been reported in Wordpress plugin W3 Total Cache.The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection...
EMC AlphaStor Library Control Program Multiple Buffer Overflows (CVE-2013-0946)
Multiple buffer overflow vulnerabilities has been reported in EMC AlphaStor Library Control Program LCP while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. An unauthenticated attackers can exploit this...
Squid Proxy Oversized Reply Header Handling - Improved Performance (CVE-2005-0241)
A denial of service vulnerability has been reported in Squid Web Proxy Cache server...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
MongoDB nativeHelper.apply Remote Code Execution (CVE-2013-1892)
A remote code execution vulnerability has been reported in MongoDB...
Citadel SMTP RCPT Remote Buffer Overflow - High Confidence (CVE-2008-0394)
The Citadel Server is a mail server product geared towards small and medium size organizations. The product implements POP3, IMAP4, and SMTP services. The SMTP server module is installed and started in a default installation. There exists a buffer overflow vulnerability in Citadel SMTP Server. Th...
PhpMyAdmin preg_replace Function Code Injection (CVE-2013-3238)
A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replaceprefixtbl or copytblchangeprefix to dbstructure.php. A remote, authenticated attacker could exploi...
Adobe Flash Player Style Sheet Null Pointer Denial of Service (APSB13-15; CVE-2013-3329)
A denial of service vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a NULL pointer value when applying malformed badly formatted HTML text field. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Acrobat Reader Use-after-closed Sandbox Security Bypass (APSB13-15; CVE-2013-2550)
A sandbox Security Bypass vulnerability exists in Adobe Reader. This vulnerability could subvert the sandbox protection mechanism. The vulnerability could allow remote attackers to bypass intended sandbox restrictions...
HP Data Protector Create New Folder Buffer Overflow (CVE-2012-0124)
A stack buffer overflow vulnerability has been reported in HP Data Protector 5. The vulnerability is due to insecure handling of file names when creating new folders. An unauthenticated remote attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. A...
ACDSee FotoSlate PLP File id Parameter Overflow (CVE-2011-2595)
A parameter overflow vulnerability exists in ACDSee FotoSlate. The vulnerability is due to boundary errors in FSEngine4.dll when processing the "id" attribute certain tags. A remote attacker could trigger this flaw by tricking a victim into opening a specially crafted malicious .plp file...
Adobe ColdFusion Directory Traversal Information Disclosure (APSA13-03; CVE-2013-3336)
A directory traversal vulnerability has been reported in Adobe ColdFusion. The vulnerability is due to a design weakness in the ColdFusion application. A remote attacker may exploit this issue to retrieve arbitrary files from the target system via directory traversal...
Adobe Acrobat Reader Crafted RLE8 format BMP File Buffer Overflow (APSB13-15; CVE-2013-2729)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to a buffer overflow while loading specially crafted BMP image resources from a PDF file. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with ...
HP Intelligent Management Center ReportImgServlet Information Disclosure (CVE-2012-5203)
An information disclosure vulnerability has been reported in HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the ReportImgServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the targ...
Microsoft Office Malformed GIF File Processing Code Execution (MS06-039) - Improved Performance (CVE-2006-0007)
The Microsoft Office is a popular application suite that consists of several independent applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and others. The suite ships with a set of image processing helper libraries known as graphics filters. The graphics filters are used...
Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)
The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...
InduSoft Web Studio Unauthenticated Insecure Remote Operations - High Confidence (CVE-2011-4051)
A code execution vulnerability has been reported in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to the absence of authentication for incoming requests to the Remote Agent service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafte...
Microsoft Visio SVG File Information Disclosure (MS13-044; CVE-2013-1301)
An information disclosure vulnerability has been reported in Microsoft Visio. The vulnerability is caused when Microsoft Visio improperly handles XML external entities that are resolved within other XML external entity declarations. An attacker who successfully exploited this vulnerability could...
Internet Explorer Caching Use-after-free (MS13-037; CVE-2013-1306)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer CMarkupTransNavContext Use After Free (MS13-037; CVE-2013-1308)
A Code Execution vulnerability exists in Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way th...
Internet Explorer Initialization Error Use-after-free (MS13-037; CVE-2013-1307)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer Layout Use-after-free Code Execution (MS13-037; CVE-2013-1310)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer Deleted Object Use-after-free (MS13-037; CVE-2013-1311)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Preemptive Protection against Microsoft Lync Remote Code Execution (MS13-035; CVE-2013-1302)
A remote code execution vulnerability has been reported in Microsoft Lync. The vulnerability is due the way Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to accept an invitation to launch specially...
Windows Live Essentials Improper URI Handling Vulnerability (MS13-045; CVE-2013-0096)
An information disclosure vulnerability exists when Windows Live Writer fails to properly handle a specially crafted URL. An attacker who successfully exploited this vulnerability could perform various actions on behalf of the logged-on user. These actions include the ability to overwrite files a...
Internet Explorer Json Information Disclosure (MS13-037; CVE-2013-1297)
An information disclosure vulnerability exists in Internet Explorer versions 7, 8, and 9 on Windows Vista and Windows 7. An attacker who successfully exploited this vulnerability could view the contents of protected JSON files...
Microsoft .NET XML Digital Signature Spoofing (MS13-040; CVE-2013-1336)
A spoofing vulnerability has been reported when the Microsoft .NET Framework fails to properly validate the signature of specially crafted XML files. Successful exploitation would allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file...
Internet Explorer Deleted Object Code Execution (MS13-037; CVE-2013-1312)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)
A buffer overflow vulnerability exists in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability may lead to memory corruption in such a way that will allow code execution in the context of the current user...
Microsoft Windows SMB Client Repeated Negotiation Responses (MS10-006) - High Confidence (CVE-2010-0017)
A remote code execution vulnerability has been reported in the Microsoft Server Message Block SMB Protocol. The vulnerability is due to a race condition in the Microsoft SMB implementation that fails to properly handle specially crafted SMB responses. A remote attacker could exploit this flaw by...
Sun Java GIF File Handling Memory Corruption - Improved Performance (CVE-2007-0243)
Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java is wide...
HP Data Protector Manager MMD Service Stack Buffer Overflow - Improved Performance
HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. A stack buffer overflow vulnerability has been reported in HP Data Protector manager...