Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0769)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Memory Corruption (CVE-2019-0763)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2019-0666)
A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows SMB Information Disclosure (CVE-2019-0703)
An information disclosure vulnerability exists in the SMB component of Microsoft Windows SMB server. The vulnerability is due to improper handling of SMB requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMB messages to a target server...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2019-0770)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenSSH SCP Client Arbitrary File Download (CVE-2019-6110)
A malicious file download vulnerability exists in OpenSSH SCP client. A malicious server can manipulate the client output and include malicious payload. Successful exploitation of this vulnerability could lead to download of malicious files...
Rockwell Automation RSLinx Classic Remote Code Execution (CVE-2019-6553)
A buffer overflow vulnerability exists in RSLinx Classic. This is due to a lack of input validation when handling EtherNet/IP packets. Successful exploitation of the vulnerability could lead to arbitrary code execution or denial of service conditions...
Google Chrome PaymentRequest Service Use After Free
A vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Google Chrome P2PSocketDispatcherHost Use After Free
A vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Google Chrome Unicode Range CSS Out Of Bound
An out of bounds read vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
WordPress WooCommerce Plugin Authentication Bypass (CVE-2018-20782)
An authentication bypass exists in WordPress WooCommerce Plugin. The vulnerability is due to insufficient data verification and lack of any cryptographic authentication. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request...
Google Chrome FileWriterImpl Use After Free
A vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
WordPress WooCommerce Plugin Cross-site Scripting (CVE-2019-9168)
A cross-site scripting vulnerability exists in WordPress WooCommerce Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Joomla Jmail Breaker PHP Web Shell Backdoor
An attacker might upload a web shell backdoor to a Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
Joomla Jmail Breaker Arbitrary File Upload
An attacker might use a web shell backdoor to upload arbitrary files using Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
QNAP QTS Multiple Command Injection Vulnerabilities (CVE-2017-6361; CVE-2017-6359; CVE-2017-6360)
Multiple command injection vulnerabilities exist in QNAP QTS servers. Successful exploitation of these vulnerabilities could lead to execution of arbitrary commands with root privileges on the target server...
Cisco Multiple Routers Remote Code Execution (CVE-2019-1663)
A remote code execution vulnerability exists in Cisco routers management interface. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...
Jenkins Multiple Plugins Remote Code Execution (CVE-2019-1003000)
A remote code execution vulnerability exists in Jenkins. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server using a sandbox bypass vulnerability on multiple plugins...
Apache httpd mod_ssl TLS Renegotiation Denial of Service (CVE-2019-0190)
A denial-of-service vulnerability has been reported in Apache httpd. The vulnerability is due to improper handling of client-initiated renegotiation when using OpenSSL version 1.1.1. A remote attacker could exploit this vulnerability by sending a crafted request including performing a TLS...
Rockwell Automation MicroLogix 1400 and 1756 ControlLogix Denial of Service (CVE-2018-17924)
A denial of service vulnerability exists in Rockwell MicroLogix 1400 Controllers and 1756 ControlLogix Ethernet/IP Communications Modules. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted CIP connection request packet to an affected device, causi...
PhpMyAdmin tbl_replace.php Local File Inclusion (CVE-2018-19968)
A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of a column in the column info table. A remote, authenticated attacker could exploit this vulnerability by sending a request with crafted SQL statements to the target server. Successful...
LAquis SCADA Web Server Command Injection (CVE-2018-18992)
A command injection exists in LAquis SCADA web server. The vulnerability is due to insufficient input sanitization, which permits command injection. A remote attacker could exploit this vulnerability by sending a crafted request to an affected server...
Adobe Acrobat XPS JPEG Out of Bounds Read (CVE-2018-4889)
An out of bounds read vulnerability has been reported in the XPS component of Adobe Acrobat. The vulnerability is due to improper parsing of an embedded JPEG image in an XPS document. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Nuxeo NuxeoUnknownResource Expression Language Injection (CVE-2018-16341)
An Expression Language injection vulnerability exists in Nuxeo Content Management System. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-20338)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests. Successful exploitation could lead to arbitrary SQL code execution...
NTPsec ntpd ctl_getitem Out of Bounds Read (CVE-2019-6443)
An out of bounds read vulnerability has been reported in NTPsec ntpd. The vulnerability is due to insufficient validation of the length of a message in a NTP packet. A remote unauthenticated user can exploit this vulnerability by sending a crafted packet to the target server...
Kubernetes Dashboard Authentication Bypass Information Disclosure (CVE-2018-18264)
An authentication bypass vulnerability exists in Kubernetes server API. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Microsoft Office Excel Note Record Information Disclosure (CVE-2018-8382)
An information disclosure vulnerability exists in Microsoft Excel. The vulnerability is due to a missing length verification in the parsing of workbook streams. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
NTPsec ntpd write_variables Denial of Service (CVE-2019-6445; CVE-2019-8936)
A denial-of-service vulnerability has been reported in NTPsec ntpd. The vulnerability is due to insufficient validation of certain data when parsing a variable in order to write. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted link...
BusyBox Project BusyBox udhcp Option Out of Bounds Read (CVE-2018-20679)
An out-of-bounds read vulnerability has been reported in the udhcp module of BusyBox. This vulnerability is due to insufficient validation of the length of certain options in DHCP packets. A remote attacker could exploit this vulnerability by sending maliciously crafted messages to a DHCP clien...
ZeroMQ libzmq v2_decoder Integer Overflow (CVE-2019-6250)
An integer overflow vulnerability has been reported in ZeroMQ libzmq. The vulnerability is due to improper validation of user-supplied data in the zmq::v2_decoder_t::size_ready function when handling ZMTP version 2 messages...
Drupal Core Remote Code Execution (CVE-2019-6340)
A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Security bypass (APSB19-13: CVE-2019-7815)
A security bypass vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Microsoft Office Information Disclosure - Ver 0 (CVE-2018-0950)
A vulnerability exists in RTF based emails which cause information disclosure through Outlook on Windows. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a...
Rockwell Automation FactoryTalk Services Platform Denial of Service (CVE-2018-18981)
A buffer overflow vulnerability exists in Rockwell Automation FactoryTalk Services Platform. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Microsoft Internet Explorer Memory Corruption - VER0 (CVE-2018-8631)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Heap Overflow - VER0 (APSB18-02: CVE-2018-4904)
A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-20173)
A SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of parameters. Successful exploitation could lead to arbitrary SQL code execution...
HTML Containing Malicious VBScript Obfuscated
Certain VBScript obfuscation schemes can be used to circumvent security software. These methods could allow attackers to execute arbitrary code on the target machines...
Microsoft Graphics Component Information Disclosure (CVE-2018-8396)
An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker could exploit the vulnerability by enticing a user to open a...
Corosync Cluster Engine Integer Overflow (CVE-2018-1084)
An integer overflow vulnerability exists in Corosync. The vulnerability is due to an improper data length calculation. Successful exploitation could cause arbitrary code execution in the context of the Corosync user...
Quagga BGP Daemon Notify Attribute Out of Bounds Read (CVE-2018-5378)
An out of bounds read vulnerability exists in the BGP daemon of Quagga. The vulnerability is due to improper validation of attribute sizes received by BGP peers before responding with the contents of the attribute in a NOTIFY message. A remote attacker can exploit this vulnerability by sending a...
LibreOffice WEBSERVICE Information Disclosure (CVE-2018-6871)
An information disclosure vulnerability exists in LibreOffice. The vulnerability is due to improper validation of the WEBSERVICE function argument. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted office document...
ISC BIND deny-answer-aliases Assertion Failure Denial of Service (CVE-2018-5740)
A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or AN...
Nagios XI Cmdsubsys Command Injection (CVE-2018-15709; CVE-2018-15710)
A command injection vulnerability has been reported in the Command subsystem component of Nagios XI. The vulnerability is due to insufficient validation of command options submitted to ajaxhelper.php for the submitcommand action and the existence of a local privilege escalation vulnerability tha...
Advantech Webaccess Buffer Overflow Remote Code Execution (CVE-2018-8845)
A buffer overflow vulnerability exists in Advantech Webaccess. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Samba LDAP AD DC Privilege Escalation (CVE-2018-1057)
A privilege escalation vulnerability has been reported in Samba. A remote attacker could exploit this vulnerability by sending crafted LDAP requests to the vulnerable service. Successful exploitation allows authenticated attackers to change other users' passwords, including administrative user...
Squid Proxy SNMP Query Rejection Denial of Service
A denial-of-service vulnerability has been reported in the SNMP component of Squid Proxy. The vulnerability is due to a memory leak in SNMP query rejection code. A remote attacker can exploit this vulnerability by sending a large number of SNMP queries to the target system...
GitLab Wiki API Attachments Command Injection (CVE-2018-18649)
A remote code execution vulnerability has been reported in GitLab Wiki API. The vulnerability is due to improper validation of parameters when uploading files to the Wiki repository via the Wiki API. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to th...
WordPress Core Local File Inclusion Remote Code Execution (CVE-2019-8942)
A remote code execution vulnerability exists in WordPress Core. Successful exploitation of this vulnerability could allow a remote attacker with at least author privileges to execute arbitrary code on the target server...