13538 matches found
JSP Web Shell Generic Backdoor
An attacker might upload a web shell backdoor to a JSP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...
Apache CouchDB Command Execution (CVE-2018-8007)
A command execution vulnerability has been reported in CouchDB. The vulnerability is due to a design flaw where certain configuration options that specify paths for operating system level binaries launched by CouchDB are modifiable via HTTP. A remote, authenticated attacker could exploit this...
Oracle WebLogic Server Deployment Service Servlet Insecure Deserialization (CVE-2018-3252)
An insecure deserialization vulnerability exists in the Oracle WebLogic Server Deployment Service . The vulnerability is due to the lack of input validation by the servlet. A successful attack could lead to a remote code execution...
OMRON CX-One CX-Position module Buffer Overflow (CVE-2018-18993)
A stack-based overflow exists in OMRON CX-One CX-Position module. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted project file. Successful exploitation could result in arbitrary code execution...
Adobe ColdFusion DataServicesCFProxy Commons BeanUtils Insecure Deserialization (CVE-2018-15959)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Solr XML External Entity Expansion Information Disclosure (CVE-2018-8010)
An XML external entity expansion vulnerability exists in Apache Solr. The vulnerability is due to improper handling of XML external entities. Successful exploitation results in the disclosure of file or directory contents for any file or directory readable by the Apache Solr service...
ISPConfig Arbitrary File Inclusion (CVE-2018-17984)
An arbitrary file inclusion vulnerability exists in ISPConfig. This vulnerability is due to insufficient validation of user input. Successful exploitation results in RCE under the security context of the target application...
Nagios XI API Key Regeneration Privilege Escalation (CVE-2018-15711)
A privilege escalation vulnerability exists in the API component of Nagios XI. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access...
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...
Oracle GoldenGate Manager Command Report Denial of Service (CVE-2018-2914)
A denial of service vulnerability exists in Oracle GoldenGate Manager. The vulnerability is due to improper handling of an incomplete Report command. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed command to the target application. Successful exploitation...
Oracle GoldenGate Manager Command Stack Buffer Overflow (CVE-2018-2913)
A stack-based buffer overflow exists in Oracle GoldenGate Manager. The vulnerability is due an input validation error when processing overly long command name. Successful exploitation could lead to arbitrary code execution...
Apache httpd mod_md Denial of Service (CVE-2018-8011)
A denial of service vulnerability exists in the Apache httpd modmd. This vulnerability is due to insufficient input validation. Successful exploitation of this vulnerability can lead to denial of service conditions on the target server...
Libmspack Project Buffer Overflow (CVE-2018-18584)
Buffer overflow vulnerability exists in the libmspack library. This vulnerability is due to improper handling of block alignment. Successful exploitation of the vulnerability may result in arbitrary code execution...
Advantech Webaccess Directory Traversal Remote Code Execution (CVE-2017-16720)
A directory traversal and remote code execution vulnerability exists in Advantech WebAccess software. The vulnerability is due to improper input validation. Successful exploitation could lead to remote code execution on the target...
Oracle WebLogic Server Insecure Deserialization (CVE-2018-3245)
An insecure deserialization vulnerability exists in Oracle WebLogic Server. This vulnerability is due to deserialization of untrusted data. Successful exploitation can result in arbitrary code execution...
Apache Tomcat Default Servlet Open Redirect (CVE-2018-11784)
A Servlet Open Redirect vulnerability exists in Apache Tomcat. A remote, unauthenticated attacker could exploit this vulnerability by sending a file upload request to the affected system. Successful attack can result in a Servlet Open Redirect...
Nagios XI Magpie cURL Argument Injection (CVE-2018-15708)
An argument injection vulnerability has been reported in the Magpie RSS module of Nagios XI. The vulnerability is due to insufficient validation of HTTPS URLs submitted to the magpiedebug.php script. A remote, unauthenticated attacker can exploit this vulnerability by sending a request containing...
Zoho ManageEngine OpManager Insecure Deserialization (CVE-2018-19403)
An insecure deserialization vulnerability has been reported in ManageEngine OpManager.The vulnerability is due to deserialization of untrusted data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HAProxy HTTP2 Frame Size Heap Buffer Overflow (CVE-2018-10184)
A heap-based buffer overflow vulnerability exists in HAProxy. The vulnerability is due to incorrect validation of frame length on incoming HTTP/2 frames. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server...
Netatalk Attention Quantum Out-of-bounds Write (CVE-2018-1160)
An out-of-bounds write vulnerability exists in Netatalk. This vulnerability is due to a missing bounds check. Successful exploitation could lead to arbitrary code execution with privileges of the root user...
Quagga BGP Daemon bgp_update_receive Double Free (CVE-2018-5379)
A double free vulnerability has been reported in Quagga BGP Daemon. The vulnerability is due to improper handling of cluster list and unknown attributes. A remote attacker can exploit this vulnerability by sending a crafted BGP UPDATE message to the target server...
OpenSSH sftp-server.c Denial of Service (CVE-2017-15906)
A denial of service vulnerability has been reported in OpenSSH. The vulnerability is due to improper restriction of write access when in read-only mode within sftp-server.c. A remote attacker could exploit this vulnerability by sending crafted requests to a vulnerable server...
OpenSSL Denial of Service (CVE-2018-0732)
A denial-of-service vulnerability has been reported in OpenSSL. The vulnerability is due to improper handling of an exceptionally large DH parameter when processing a Server Key Exchange. Successful exploitation would result in a crash of the server process leading to denial of service...
Advantech WebAccess SCADA Buffer Overflow (CVE-2018-7499)
A overflow vulnerability exists in the service of Advantech WebAccess. The vulnerability is due to a lack of data verification. Successful exploitation could lead to arbitrary code execution...
Asterisk PJSIP Invalid Media Attribute Denial Of Service (CVE-2018-1000099)
A denial-of-service vulnerability exists in Asterisk PJSIP. The vulnerability is due to improper validation of SDP Media Attributes. Successful exploitation can result in denial-of-service conditions...
GE MDS PulseNET Insecure Deserialization (CVE-2018-10611)
An insecure deserialization vulnerability has been reported in GE MDS PulseNET and PulseNET Enterprise. The vulnerability is due to deserialization of untrusted data on a JBoss Remoting port. Successful exploitation can result in arbitrary code execution in the context of the user running PulseNE...
Microsoft Office Excel Parsed Expression Information Disclosure (CVE-2018-8246)
An information disclosure vulnerability exists in Microsoft Office Excel. The vulnerability is due to the inclusion of uninitialized memory when processing of parsed expressions in FORMULA records in Excel workbooks. Successful exploitation would allow the attacker to disclose sensitive informati...
Dovecot Out of Bounds Read (CVE-2017-14461)
An out of bounds read vulnerability exists in Dovecot IMAP server. This vulnerability is due to incorrect indexing of specially crafted emails. Successful exploitation may result in information disclosure or denial of service conditions...
GNU Libextractor ZIP File Comment Out-of-Bounds Read (CVE-2018-16430)
An out-of-bounds read vulnerability exists in Libextractor. The vulnerability is due to improper handling of long File Comment fields within ZIP files. Successful exploitation of this vulnerability could lead to denial-of-service conditions or disclosure of sensitive information...
Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service (CVE-2018-5381)
A denial-of-service vulnerability has been reported in the BGP Daemon of Quagga. The vulnerability is due to improper handling of Multiprotocol Extensions Capabilities within certain BGP messages. A remote attacker could exploit this vulnerability by sending a crafted BGP message to the target...
Advantech WebAccess Arbitrary File Deletion (CVE-2018-7495)
An arbitrary file deletion vulnerability exists in Advantech WebAccess. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations. Successful exploitation results in the deletion of arbitrary files...
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
An insecure deserialization vulnerability exists in Apache Struts 2. This vulnerability is due to Apache Struts 2 having a dependency on a vulnerable version of Commons FileUpload. Successful exploitation can result in arbitrary file upload within the security context of the target application...
Node.js Foundation Node.js TLS Denial of Service (CVE-2018-7162)
A denial of service vulnerability has been reported in Node.js. The vulnerability is due to improper handling of TLS by the node process. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to the target server during a TLS handshake...
H2O H2O WebServer Heap Buffer Overflow (CVE-2018-0608)
A heap buffer overflow vulnerability has been reported in H2O web server. The Vulnerability is due to insufficient input validation when writing to the access log. A remote, unauthenticated attacker can trigger this vulnerability by sending a crafted message to the target server. Successful...
Microsoft Windows OLE Obfuscated Automation Array Remote Code Execution (CVE-2014-6332)
A new obfuscation technique of remote code execution vulnerability has been reported in Microsoft Windows Object Linking and Embedding OLE. The vulnerability is due to an improper access to memory objects by Internet Explorer. A remote attacker can exploit this issue by enticing target users to...
LibTIFF Heap Buffer Overflow (CVE-2018-18557)
A heap buffer overflow vulnerability exists in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files. Successful exploitation could result in the execution of arbitrary code...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-9088)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the parameter in Java class. Successful exploitation could lead to arbitrary code execution in the security context of database service...
Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference (CVE-2018-1000168)
A denial of service vulnerability has been reported in Node.js. This vulnerability is due to the acceptance of ALTSVC frames from clients while using a vulnerable version of nghttp2...
runc Container Escape (CVE-2019-5736)
A Container Escape vulnerability exists in runc. Successful exploitation of this vulnerability will allow a remote attacker to gain root privileges on the host running the container...
Quest NetVault Backup NVBUEventHistory SQL Injection (CVE-2017-17412) - Ver2
A remote code execution vulnerability exists in Quest NetVault Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Jenkins NodeJS Plugin Remote Code Execution
A remote code execution vulnerability exists in Jenkins NodeJS plugin. Successful exploitation could allow an attacker to execute arbitrary code in the target machine...
RARLAB WinRaR ACE Format Input Validation Remote Code Execution (CVE-2018-20250)
A remote code execution vulnerability exist in RARLAB WinRaR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitary code in the context of the target user...
Suspicious Evasion In HTTP Headers
Certain evasion tools can use evasion techniques in order to circumvent inspection by security software. A remote attacker could use evasion methods in order to execute arbitrary code on the target system...
Adobe Acrobat and Reader Security bypass (APSB19-07: CVE-2019-7089)
A security bypass vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Adobe Acrobat and Reader Out-of-bounds read (APSB19-07: CVE-2019-7045)
An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload (CVE-2018-15379)
An arbitrary file upload vulnerability exists in Cisco Prime Infrastructure. The vulnerability is due to the presence of a symbolic link permitting the upload of files into a location where they can be later executed. Successful exploitation could result in the execution of arbitrary code in the...
Oracle GoldenGate Manager Command Tab Parsing Denial of Service (CVE-2018-2912)
A denial of service vulnerability exists in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when parsing a command which is not correctly separated by TAB characters. Successful exploitation could lead to a crash of the Manager service, causing a denial-of-service...
Adobe Flash Player Out-of-bounds read (APSB19-06: CVE-2019-7090)
A out of bounds read vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Adobe Acrobat and Reader Use After Free (APSB19-07: CVE-2019-7026)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...