13538 matches found
EMC AlphaStor Device Manager Command Injection - Improved performance (CVE-2013-0928)
A remote command execution vulnerability has been reported in EMC AlphaStor Device Manager. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful...
Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading (MS11-003) - ver 2 (CVE-2011-0038)
A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the loading of IESHIMS.DLL. A remote attacker can exploit this vulnerability by enticing a target user to save a maliciously crafted dynamic link library DLL file on...
Cisco Prime LAN Management Solution Remote Command Execution (CVE-2012-6392)
A remote command execution vulnerability exists in Cisco Prime LAN Management Solution. The vulnerability is due to use of non encrypted connection with the server. A successful exploitation would allow the attacker to execute commands, and send files...
Adobe Reader Crafted JP2K Heap Overflow (APSB13-02; CVE-2013-0621)
Adobe Reader is vulnerable to a heap overflow when parsing a specially crafted JP2K object...
Adobe Reader Crafted XSL Remote Code Execution (APSB13-02; CVE-2012-1530)
Adobe Reader is vulnerable to arbitrary code execution when a certain function is called from a specially crafted XSL file embedded within a PDF file...
Digium Asterisk HTTP Management Interface Stack Overflow (CVE-2012-5976; CVE-2013-2686)
A stack overflow vulnerability has been reported in Digium Asterisk. The vulnerability is due to an unchecked memory allocation on the stack, which can result in a stack overflow or writing of attacker-controlled data to arbitrary memory locations. A remote attacker can use this vulnerability by...
Adobe Reader Stack Exhaustion Code Execution (APSB13-02; CVE-2013-0626)
A stack buffer overflow exists in Adobe Reader. The vulnerability is due to an error when parsing a specially crafted PDF file. Successful exploitation would cause the application to crash, resulting in a denial of service condition...
Adobe Acrobat Reader Open Type Integer Overflow (APSB13-02; CVE-2013-0604)
Adobe Reader is vulnerable to an integer overflow when parsing specially crafted Open Type font files...
Adobe Acrobat Reader Hybrid File Cross-Site Scripting (APSB13-02; CVE-2013-0624)
A remote security bypass vulnerability allows attackers to bypass intended access restrictions via unspecified vectors...
Adobe Reader Malformed JavaScript Security Bypass (APSB13-02; CVE-2013-0622)
A remote security bypass vulnerability allows attackers to bypass intended access restrictions via unspecified vectors...
Ruby on Rails XML Processor YAML Deserialization Code Execution (CVE-2013-0156)
A remote code execution vulnerability exists in Ruby on Rails...
Adobe Acrobat Reader True Type Font Parsing Remote Code Execution (APSB13-02; CVE-2013-0623)
Adobe Acrobat Reader is vulnerable to a parsing logic error in True Type Font handling. The vulnerability is due to an out of bound memory read and write access. Successful exploitation could cause the application to crash and possibly lead to code execution...
NFR Agent Heap Overflow (CVE-2012-4956)
...
Novell File Reporter Agent Arbitrary File Delete (CVE-2011-2750)
A policy bypass vulnerability exists in Novell File Reporter. The vulnerability allow a remote attacker to delete arbitrary files using OPERATION 4 commands, respectively.A remote unauthenticated attacker can leverage the vulnerability to delete arbitrary files, including system files, from the...
Microsoft Internet Explorer Cloned Object Memory Corruption (MS09-002; CVE-2009-0075)
A vulnerability exists in the way Internet Explorer 7 accesses an object that has been deleted, which can cause memory corruption. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in suc...
Nagios history.cgi Parameter Buffer Overflow
A stack buffer overflow vulnerability exists in Nagios. The vulnerability is due to insufficient validation of the host parameter. An authenticated user can exploit this vulnerability by sending an overly long host value to the affected application...
Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)
A denial of service vulnerability has been reported in Apache Tomcat. The vulnerability is due to an infinite loop in NIO Connector when a client breaks the connection in the middle of reading the response for a request to a big file. An unauthenticated, remote attacker can exploit this...
Dell SonicWALL Scrutinizer SQL Injection (CVE-2012-2962)
An SQL injection vulnerability has been reported in Dell SonicWALL Scrutinizer...
Apple QuickTime ActiveX Control Clear Method Use-After-Free (CVE-2012-3754)
A use-after-free vulnerability has been reported in Apple QuickTime's ActiveX control...
GIMP XWD File Handling Stack Buffer Overflow (CVE-2012-5576)
A stack-based buffer overflow vulnerability exists in GNU Image Manipulation Program GIMP...
Foxit Reader Insecure Library Loading
A code execution vulnerability has been reported in Foxit Reader. The vulnerability is due to an error in a dynamic link library DLL search path. A remote attacker could exploit this vulnerability by enticing a user to open a file from a directory, which also contains a malicious DLL. Successful...
Oracle Java JmxMBeanServer Package Sandbox Breach (CVE-2013-0422)
Two vulnerabilities have been reported in Oracle Java that can be used to breach the security sandbox. The first vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package. The second vulnerability is due to an access control failure in the invokeWithArguments method...
VideoLAN VLC Media Player PNG Code Execution (CVE-2012-5470)
A buffer overread vulnerability has been reported in VideoLAN VLC Media Player...
Webmin show.cgi Command Execution (CVE-2012-2982)
A command execution vulnerability has been reported in Webmin...
Novell File Reporter FSFUI Arbitrary File Retrieval (CVE-2012-4958)
A file retrieval vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests, resulting in the retrieval of the contents of a file. A remote attacker can exploit this issue by sending a specially crafted request to the affected...
Wibu-Systems WibuKey Runtime for Windows ActiveX Control Buffer Overflow
A stack-based buffer overflow vulnerability has been reported in Wibu-Systems WibuKey Runtime for Windows...
FreeBSD nfsd NFS Mount Request Data Length Denial of Service (CVE-2006-0900)
A denial of service vulnerability was detected in the NFS server. An error was detected in the part of the NFS server code that handles incoming RPC messages via TCP. When the server receives a message with a zero-length payload, it would cause a NULL pointer dereference, allowing a remote attack...
Oracle Database Control Component Denial of Service (CVE-2007-5530)
There exists a denial of service vulnerability in the Oracle Database Server...
Microsoft SSL and TLS Protocol Security Feature Bypass (MS13-006; CVE-2013-0013)
A security feature bypass vulnerability has been reported in the Microsoft Windows SSL/TLS...
Eaton MGE Network Shutdown Module Remote PHP Code Injection
A remote code execution vulnerability has been reported in Eaton MGE Network Shutdown Module...
Microsoft System Center Operations Manager Cross-Site Scripting (MS13-003; CVE-2013-0009)
A cross-site scripting vulnerability has been reported in Microsoft System Center Operations Manager...
CA BrightStor ARCserve Backup Discovery Service Buffer Over-Read (CVE-2008-1979)
There exists a denial of service vulnerability in CA ARCserve Backup Discovery service. The vulnerability is due to insufficient input validation by the Discovery service. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to the target server. Successfu...
Microsoft OData WCF Replace Denial of Service (MS13-007; CVE-2013-0005)
A denial of service vulnerability has been reported in the OData specification...
Adobe Flash Player Malformed Actions Remote Code Execution (APSB12-22; CVE-2012-5268)
A remote code execution vulnerability has been reported in Adobe Flash Player...
NetDecision NOCVision Server Directory Traversal
Multiple directory traversal vulnerabilities have been reported NetDecision NOCVision...
Microsoft SCOM Web Console Cross-Site Scripting (MS13-003; CVE-2013-0010)
A cross-site scripting vulnerability has been reported in Microsoft System Center Operations Manager...
Microsoft Windows MSXML XSLT Remote Code Execution (MS13-002; CVE-2013-0007)
A remote code execution vulnerability has been reported in Microsoft Windows...
Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access (CVE-2012-2983)
A directory traversal has been reported in Webmin...
IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Code Execution
A buffer overflow vulnerability exists in IBM Lotus Notes...
Digium Asterisk IAX2 POKE Request Denial of Service (CVE-2008-3263)
A denial of service vulnerability has been reported in Digium Asterisk...
Cisco Linksys PlayerPT ActiveX Control Buffer overflow (CVE-2012-0284)
A remote code execution vulnerability has been reported in Cisco Linksys PlayerPT...
RabidHamster Log Entry sprintf() Buffer Overflow
A heap buffer overflow vulnerability exists in RabidHamster R4 web server...
Microsoft Exchange and Outlook TNEF Decoding Code Execution (CVE-2006-0002)
A buffer overflow vulnerability exists in the way Microsoft Exchange and Microsoft Outlook process TNEF encoded messages...
ClamAV UPX File Handling Heap Code Execution (CVE-2006-4018)
A heap buffer overflow vulnerability exists in the ClamAV AntiVirus product...
IBM Lotus Notes WPD Attachment Handling Code Execution (CVE-2008-4564)
A stack-based buffer overflow vulnerability exists in the IBM Lotus Notes WPD...
Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service (CVE-2013-1418)
A denial of service vulnerability has been reported in Kerberos. The vulnerability is due to a NULL pointer dereference within the setupserverrealm function when Kerberos is configured to serve multiple realms. A remote attacker can exploit this vulnerability by sending a malicious request to a...
RealNetworks RealPlayer WAV File Processing Code Execution (CVE-2005-0611)
A flaw exists in the way RealPlayer processes files encoded using the WAVE format. The vulnerability occurs when RealPlayer attempts to parse a crafted WAV file with an incorrect LIST chunk. An attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the...
Contaware FreeVimager GIF LZWMinimumCodeSize Memory Corruption
A memory corruption vulnerability has been reported in Contaware FreeVimager. The vulnerability is due to an error in processing GIF images containing an invalid value for the LZWMinimumCodeSize field. A remote attacker could exploit this vulnerability by enticing a user to open a malicious image...
Sophos Anti-Virus CAB Files Invalid typeCompress Parsing Heap Buffer Overflow
A buffer overflow vulnerability has been reported in Sophos Anti-Virus...
IBM Tivoli Monitoring Express Universal Agent Code Execution (CVE-2007-2137)
There exists a heap-based buffer overflow vulnerability in IBM Tivoli Monitoring Express...