13538 matches found
cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)
The vulnerability is due to an error in Curlsaslcreatedigestmd5message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...
Nagios XI Autodiscovery Arbitrary Command Execution
An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...
Microsoft .NET Framework WinForms Information Disclosure (CVE-2013-0001)
A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way WinForms handles pointers to unmanaged memory locations.A remote, unauthenticated attacker can exploit this vulnerability by either enticing a user to visit a maliciously...
SAP NetWeaver Message Server Memory Corruption (CVE-2013-1592)
A code execution vulnerability has been reported in SAP NetWeaver Message Server. The vulnerability is due to an array index error in the function MsJ2EEAddStatistics. A remote attacker can exploit this vulnerability by sending a specially crafted message to a vulnerable server...
Opera SVG clipPath Use After Free Memory Corruption (CVE-2013-1638)
A use-after-free vulnerability has been reported in Opera web browser. The vulnerability is due to an error while parsing SVG content. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file with a vulnerable version of Opera...
Ubisoft Uplay 2.0.3 ActiveX Control Arbitrary Code Execution (CVE-2012-4177)
A remote code execution vulnerability exists in Ubisoft Uplay 2.0.3. The vulnerability is due to insufficient verification of a command path parameter value when parsing a Uplay ActiveX object. A remote attacker can exploit this vulnerability by enticing a user to open a webpage that contains a...
Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow (CVE-2013-0418)
A heap buffer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to an error when processing Coords structure for loda chunks of type 3 Line/Curve. Remote attackers could exploit the vulnerability to inject and execute arbitrary code in the context of the vulnerable...
Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow (CVE-2012-5960)
A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing service name URIs in the function called from the SSDP protocol parser. A remote attacker can exploit this vulnerability to execute...
Microsoft XML Core Services Integer Truncation Memory Corruption (MS13-002; CVE-2013-0006)
A memory corruption vulnerability exists in Microsoft XML Core Services. The vulnerability is due to an integer truncation error while Microsoft XML Core Services parses XML content. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted website...
Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow (CVE-2012-5959)
A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing UUID: service name URIs in the uniqueservicename function called from the SSDP protocol parser. Remote unauthenticated attackers can explo...
WebPageTest Directory Traversal
This module exploits a directory traversal vulnerability found in WebPageTest 2.6...
QuickShare File Server Directory Traversal
A directory traversal vulnerability has been reported in QuickShare File Server...
Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass (CVE-2012-2626)
An authentication bypass vulnerability has been reported in Plixer Scrutinizer NetFlow and sFlow Analyzer...
Microsoft DirectPlay Office File Handling Invalid Memory Free (MS12-082; CVE-2012-1537)
An invalid memory free vulnerability exists in Microsoft DirectPlay...
IBM Java ProxyUtil Sandbox Breach (CVE-2012-4820)
A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to an access control failure in the "com.ibm.rmi.util.ProxyUtil" package. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page...
Microsoft DNS Server Denial of Service - Specific (MS12-017; CVE-2012-0006)
A denial of service vulnerability has been reported in Microsoft DNS servers. The vulnerability is due to the way that the DNS server improperly handles objects in memory when looking up the resource record of a domain. A remote attacker may exploit this issue by sending a specially crafted DNS...
Nagios XI Alert Cloud Cross-Site Scripting
A reflected cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient sanitization of HTTP GET requests sent to index.php. An attacker entices a user to click on a URL containing malicious script code in the parameters. The vulnerability is...
PHP apache_request_headers Function Buffer Overflow (CVE-2012-2329)
A buffer overflow was reported in the apacherequestheaders function in PHP. The vulnerability is due to the insecure handling of the HTTP headers. An attacker can exploit this issue by sending a specially crafted HTTP request to the target server. Successful exploitation may allow the attacker to...
Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)
An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability is due to enabling unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...
Adobe ColdFusion Authentication Bypass (CVE-2013-0632)
An authentication bypass vulnerability has been reported in ColdFusion servers. A remote attacker could trigger this through Remote Development Services RDS or Administrator interfaces if they do not require authentication or through CSRF if APSB12-26 has not been applied...
Csound Hetro File Handling Stack Buffer Overflow (CVE-2012-0270)
A stack buffer overflow vulnerability has been reported in Csound. The vulnerability is due to the improper validation of specially crafted hetro files. A remote attacker can exploit this issue by enticing the victim to accept and open a specially crafted file. Successful exploitation would resul...
Ruby on Rails JSON Processor YAML Deserialization Code Execution (CVE-2013-0333)
A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...
Non Compliant Scada Modbus Write File Record
...
Scada Modbus Function Code Scan
...
3ivx MPEG-4 MP4 File Handling Stack Overflow - Specific (CVE-2007-6401)
There exists a buffer overflow vulnerability in 3ivx MPEG-4. Specifically, the vulnerability is due to improper handling of MP4 files by the 3ivx MPEG-4 codec plugin. A remote attacker can exploit this vulnerability by enticing the target user to open crafted MP4 file, potentially causing arbitra...
Adobe Reader PDF File DLL Injection Remote Code Execution (APSA13-02; CVE-2013-0640)
A remote code execution vulnerability has been reported in Adobe Reader. The vulnerability is due to a dll injection while handling malformed PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an...
Microsoft Windows Common Controls OLE Remote Code Execution (MS13-020; CVE-2013-1313)
A remote code execution vulnerability has been reported in Microsoft Windows...
Internet Explorer InsertElement Use After Free (MS13-009; CVE-2013-0026)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Eurograbber
The Eurograbber Trojan targets bank customers. The attack infects computers and mobile devices. The Trojan attempts to steal money from the victim's bank account...
Internet Explorer CObjectElement Use After Free (MS13-009; CVE-2013-0028)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer CHTML Use After Free (MS13-009; CVE-2013-0029)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer CMarkup Use After Free (MS13-009; CVE-2013-0020)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer VML Objects Memory Corruption (MS13-009; CVE-2013-0030)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VML buffers are allocated. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially crafted web page. An attacke...
Internet Explorer CPasteCommand Use After Free (MS13-009; CVE-2013-0027)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer vtable Use After Free Memory Corruption (MS13-009; CVE-2013-0021)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Internet Explorer SetCapture Use After Free (MS13-009; CVE-2013-0018)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer SLayoutRun Use After Free (MS13-009; CVE-2013-0025)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer pasteHTML Use After Free (MS13-009; CVE-2013-0024)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Windows Media Decompression Remote Code Execution (MS13-011; CVE-2013-0077)
A remote code execution vulnerability has been reported in Microsoft Windows...
Internet Explorer CDispNode Use After Free (MS13-009; CVE-2013-0023)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Postfix IPv6 Relaying Security Issue (CVE-2005-0337)
There is a vulnerability in the way Postfix handles the relaying of e-mail messages A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6addresses...
Internet Explorer LsGetTrailInfo Use After Free (MS13-009; CVE-2013-0022)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer SLayoutRun Use After Free (MS13-009) - High Confidence (CVE-2013-0025)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Internet Explorer Shift JIS Character Encoding (MS13-009; CVE-2013-0015)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Internet Explorer COmWindowProxy Use After Free (MS13-009; CVE-2013-0019)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Adobe Flash Player SWF File Buffer Overflow (APSB13-04; CVE-2013-0633)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an improper buffer allocation while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player ActionScript Code Heap Buffer Overflow (APSB13-04; CVE-2013-0634)
A remote code execution vulnerability has been reported in Adobe Flash Player...
Sourcefire Snort rule20275eval Buffer Overflow
A buffer overflow vulnerability has been reported in a pre-compiled Snort rule distributed by Sourcefire. The vulnerability is due to a stack buffer overflow in rule 3:20275.A remote attacker can exploit this issue by sending a malicious response packet containing a overly long message to the...
Adobe Reader and Acrobat rt3d.dll Buffer Overflow (APSB11-03; CVE-2011-0606)
A stack-based buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability occurs in the rt3d.dll while processing a pdf file. A remote attacker could trigger this issue via a specially crafted file. Successful exploitation could result in arbitrary code executio...
Advantech WebAccess HMI and SCADA Software Cross-Site Scripting
A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser...