Oracle Outside In Excel Remote Code Execution (CVE-2018-3010)
An out-of-bounds write vulnerability exists in Oracle Outside-In. This vulnerability is due to improper handling of a PropertySetStream stream of an Excel document. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the affected application...
TBKvision Firmware Authentication Bypass (CVE-2018-9995)
An authentication bypass vulnerability exists in TBKvision Firmware. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Microsoft JET Database Engine Heap-based Buffer Overflow (CVE-2018-8392)
A heap-based buffer overflow vulnerability exists in the Microsoft Jet Database Engine. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit the vulnerability by enticing a user to open a specially crafted Excel file...
HPE Intelligent Management Center PLAT Stack Buffer Overflow (CVE-2018-7074)
A stack buffer overflow vulnerability has been reported in HPE Intelligent Management Center PLAT. The vulnerability is due to an overly large block size parameter provided in the TFTP packet data. Successful exploitation could result in arbitrary code execution under the context of SYSTEM. ...
Microsoft Internet Explorer Use After Free (CVE-2020-0674)
A use-after-free vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)
A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear as if the file was from a trusted source...
IBM Ricoh Infoprint Printer Cross-Site Scripting
A cross-site scripting vulnerability exists in IBM Ricoh Infoprint Printer. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...
Android Binder Use After Free (CVE-2019-2215)
A use-after-free vulnerability exists in Android Binder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Prima Systems FlexAir Authentication Bypass (CVE-2019-7667)
An authentication bypass vulnerability exists in Prima Systems FlexAir Access Control Database. Successful exploitation of this vulnerability could allow an attacker to download the database file, disclose login information, and have full access to the system...
Microsoft Windows RDP Gateway Server Remote Code Execution (CVE-2020-0609)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows RDP Gateway Server Remote Code Execution (CVE-2020-0610)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2020-0634)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows DHCP Server Remote Code Execution (CVE-2019-0725)
A remote code execution vulnerability exists in Microsoft DHCP server. The vulnerability is due to improper processing of DHCP response messages, causing memory corruption. A remote attacker could exploit this vulnerability by sending maliciously crafted DHCP responses to a vulnerable target...
Haxx Libcurl NTLM Buffer Overflow (CVE-2019-3822)
A buffer overflow vulnerability exists in Haxx Libcurl. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Nagios XI Command Injection (CVE-2019-20197)
A command injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
D-Link DIR-859 Information Disclosure (CVE-2019-20213)
An information disclosure vulnerability exists in D-Link DIR-859. Successful exploitation of this vulnerability could result in authentication bypass...
Advantech WebAccess Stack-based Buffer Overflow (CVE-2018-18999)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within BwPAlarm.dll. A remote, unauthenticated attacker could exploit this vulnerability by sending a...
Citrix Multiple Products Directory Traversal (CVE-2019-19781)
A directory traversal vulnerability exists in multiple Citrix products. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server...
D-Link DIR-859 Remote Code Execution (CVE-2019-17621; CVE-2022-36756; CVE-2022-37053)
A remote code execution vulnerability exists in D-Link DIR-859. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Belkin Wemo UPnP Remote Code Execution
A remote code execution vulnerability exists in Belkin Wemo UPnP. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the affected system...
HomeAutomation Remote Code Execution
A remote code execution vulnerability exists in HomeAutomation. Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the affected system...
Fusionpbx Command Execution (CVE-2019-15029)
A command execution vulnerability exists in Fusionpbx. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
MongoDB mongo-express Remote Code Execution (CVE-2019-10758)
A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by the TopoDebugServlet while having vulnerable classes in the code path. A remote, authenticated attacker can exploit this vulnerability...
LAquis SCADA LGX Out-Of-Bounds Write (CVE-2018-18986)
An out-of-bounds write vulnerability exists in the LAquis SCADA. This vulnerability is due to improper validation of user-supplied data when parsing the LGX report file. Successful exploitation would result in a denial of service condition...
UltraVNC VNC Server Stack-based Buffer Overflow (CVE-2019-8276)
A stack-based buffer overflow vulnerability exists in the VNC Server of UltraVNC. This vulnerability is due to improper handling of a file transfer request from a client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Exchange Privilege Escalation (CVE-2019-0724)
An elevation of privilege vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Buffalo TeraStation Command Injection (CVE-2018-13318; CVE-2018-13320; CVE-2018-13321)
A command injection vulnerability exists in Buffalo TeraStation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Aveva Indusoft Web Studio Remote Code Execution (CVE-2018-8840)
A remote code execution vulnerability exists in Indusoft Web Studio. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Buffalo TeraStation Directory Traversal (CVE-2018-13322)
A directory traversal vulnerability exists in Buffalo TeraStation TS5600D. Successful exploitation of this vulnerability would allow a remote attacker to list the contents of arbitrary directories on the affected system...
Foxit Reader PhantomPDF Use After Free Code Execution (CVE-2019-6730)
A use-after-free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of freed objects in the JavaScript popUpMenu method. Successful exploitation could allow the attacker to execute arbitrary code in the context of the application...
mIRC URI Handler Remote Code Execution (CVE-2019-6453)
A remote code execution vulnerability exists in mIRC. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option. Successful exploitation could result in code execution on the target machine in the context of the application...
Siemens Desigo PX Remote Denial of Service
A directory traversal vulnerability exists in Siemens Desigo. The vulnerability is caused due to improper validation of certain requests. A remote attacker can exploit this issue by sending a specially crafted request to the target. Successful exploitation could result in a denial of service...
Verot Class.upload.php Remote Code Execution (CVE-2019-19576; CVE-2019-19634)
A file upload vulnerability exists in class.upload.php. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Kubernetes API Server Denial Of Service (CVE-2019-11253)
A denial-of-service vulnerability exists in Kubernetes API Server. An attacker can exploit this issue by sending a maliciously crafted JSON or YAML file causing the API server to consume excessive CPU or memory. A successful attack can cause the service to crash leading to a denial of service...
Google Chrome WebAudio Use After Free (CVE-2019-13720)
A use-after-free vulnerability has been reported in Google Chrome WebAudio. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Viber Desktop URI Handler Remote Code Execution (CVE-2019-12569)
A remote code execution vulnerability exists in Viber for Desktop. The vulnerability is due to improper sanitization. Successful exploitation could result in code execution on the target machine in the context of the application...
Microsoft SharePoint DestinationFolder Cross-site Scripting (CVE-2019-1262)
A cross-site scripting vulnerability exists in Microsoft SharePoint server. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code on the affected system...
NETGEAR N300 WNR2000v5 Denial of Service (CVE-2019-5055)
A denial-of-service vulnerability exists in the Host Access Point Daemon on the NETGEAR N300 wireless router. The vulnerability is due to a SOAP request sent to the service in an invalid sequence, which can cause a null pointer dereference. An unauthenticated attacker can send a specially-crafted SOAP request to...
Oracle Siebel Sales Cross-Site Scripting
A cross-site scripting vulnerability exists in Oracle Siebel Sales. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web scripts into the affected system...
Aveva Indusoft Web Studio Remote Code Execution (CVE-2018-10620)
A buffer overflow vulnerability exists in Aveva Indusoft Web Studio. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Bottle Exploit Kit Landing Page
Bottle exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
Wordpress Simple Membership Plugin Cross-Site Request Forgery (CVE-2019-14328)
A cross-site request forgery vulnerability exists in WordPress Simple Membership Plugin. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which sends a request to Simple Membership Plugin...
Apache Olingo OData XML External Entity Injection (CVE-2019-17554)
An XML external entity injection vulnerability exists in Apache Olingo OData. The vulnerability is due to a failure to properly handle external entity references in XML files. A successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-11941)
A remote code execution vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Solr Remote Code Execution (CVE-2019-0193)
A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...
Haproxy Cookie Parsing Denial-of-service (CVE-2019-14241)
A denial-of-service vulnerability exists in Haproxy. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1458)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Out-of-Bounds Write (APSB19-55: CVE-2019-16454)
An out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Adobe Acrobat and Reader Use After Free (APSB19-55: CVE-2019-16445)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...