Microsoft Windows Graphics Device Interface Information Disclosure (CVE-2018-8596)
An information disclosure vulnerability exists in the GDI component of Microsoft Windows. The vulnerability is due to an improper disclosure of the contents of the memory. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks...
Cisco ISE Virtual Appliance Cross Site Scripting (CVE-2018-15440)
A cross site scripting vulnerability exists in Cisco ISE virtual appliance. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...
Oracle Reports Developer Component Cross-site Scripting (CVE-2019-2413)
A cross-site scripting vulnerability exists in Oracle Reports component. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
LibreOffice and OpenOffice Remote Code Execution (CVE-2018-16858)
A remote code execution vulnerability has been reported in LibreOffice and OpenOffice. The vulnerability is due to insufficient validation of a link reference in a DOT file when processing events in the application. Successful exploitation of this vulnerability could allow a remote attacker to...
FreeRDP Remote Code Execution (CVE-2018-8786)
A command execution vulnerability exists in FreeRDP. A successful attack could lead to a remote command execution...
Microsoft Windows CONTACT Files Remote Code Execution
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to improper processing of Contact files. Successful exploitation could lead to arbitrary code execution...
NoneCMS ThinkPHP Remote Code Execution
A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Device Metadata Authoring Wizard Remote Code Execution
A remote code execution vulnerability exists in Microsoft Device Metadata Authoring Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Suspicious Linux Shell Downloader
Many campaigns are known to use shell downloaders. A remote attacker can exploit this vulnerability by running a suspicious file on the targeted system...
JBoss Seam 2 Framework Remote Code Execution (CVE-2010-1871)
An arbitrary file upload vulnerability exists in JBoss Seam 2 Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Red Hat JBoss AS Remote Code Execution
A remote code execution vulnerability exists in JBoss AS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)
A remote code execution vulnerability exists in JBoss Enterprise Application Platform. A remote attacker can exploit this vulnerability to execute arbitrary code in the targeted system...
Rockwell Automation RNADiagReceiver Denial Of Service (CVE-2012-0222)
A denial of service vulnerability exists in Rockwell Automation RNADiagReceiver. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the target system...
Advanced Package Tool Remote Code Execution (CVE-2019-3462)
A remote code execution vulnerability exists in Advanced Package Tool. The vulnerability is due to a lack of sanitization of Location headers in HTTP responses. Successful exploitation could result in installation and execution of altered packages...
Cisco RV320 Command Injection (CVE-2019-1652)
A command injection vulnerability exists in Cisco RV320 and RV325 routers. An attacker can exploit this vulnerability by sending an authenticated HTTP request to the web-based management interface. An attacker could then gain the ability to arbitrarily execute code on the machine...
Rockwell RSLogix 5000 RNA Denial of Service (CVE-2011-3489)
A denial of service vulnerability exists in Rockwell RSLogix 5000. A remote attacker could exploit this vulnerability by sending a specially crafted request to the target system...
AirLink101 SkyIPCam Command Injection (CVE-2015-2280)
A command execution vulnerability exists in Airlink101 Skyipcam1620W Wireless N Mpeg4Gpp Firmware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
IDenticard PremiSys Default Database Credentials (CVE-2019-3909)
A default database username and password exist in the IDenticard PremiSys database. The vulnerability is due to users being unable to change these passwords without vendor intervention. A remote attacker can exploit this vulnerability to access the database with administrator privileges...
IDenticard PremiSys Hardcoded Backdoor Account (CVE-2019-3906)
A hardcoded backdoor account exists in IDenticard PremiSys. The vulnerability is due to the service containing hardcoded credentials. Successful exploitation can allow admin access to the service via the PremiSys WCF Service endpoint...
OpenSSH sshd Username Information Disclosure (CVE-2018-15473)
An information disclosure vulnerability exists in OpenSSH. The vulnerability is due to the different ways in which the sshd daemon responds to crafted SSH packets. A successful attack can result in the attacker being able to determine whether a user exists on the system...
Digium Asterisk Denial of Service (CVE-2018-7286)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of prematurely closed TCP connections after a SIP INVITE request. Successful exploitation could result in denial of service conditions on the target service...
Microsoft Windows VCF Files Remote Code Execution
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to improper processing of VCard files. Successful exploitation could lead to arbitrary code execution...
Digium Asterisk Denial of Service (CVE-2018-7285)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of RTP packets. Successful exploitation of this vulnerability may result in a denial of service condition on the target service...
Binary Java Script Malicious Obfuscation Techniques
Many scams have emerged looking to infect users with malware by giving users false information claiming that their computers are infected. After such claims, an alert appears requesting the client to approve the running of a JavaScript file. A successful attack can lead to downloading malware to t...
Apache CouchDB Cross Site Request Forgery
A cross site request forgery vulnerability exists in Apache CouchDB 2.3.0. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
SQLite FTS Integer Overflow (CVE-2018-20346)
An integer overflow vulnerability exists in SQLite-based applications. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle Application Express AnyChart Flash-Based XSS (CVE-2018-2699)
A vulnerability exists in Oracle Application Express. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Red Hat NetworkManager DHCP Command Injection (CVE-2018-1111)
A command injection vulnerability has been reported in the Red Hat Network Manager. This vulnerability is due to improper validation of DHCP responses by Network Manager scripts. A remote attacker could exploit this vulnerability by sending malicious DHCP responses to a vulnerable target...
Red Hat 389 Directory Server vslapd_log_emergency_error Denial of Service (CVE-2018-14624)
A denial-of-service vulnerability has been reported in 389 Directory Server. The vulnerability is due to improper use of the lock controlling the error log when the log file is reopened. A remote, unauthenticated attacker could send LDAP requests to a very large DN to trigger the vulnerability...
Red Hat 389 Directory Server do_search Denial of Service (CVE-2018-14648)
A denial-of-service vulnerability has been reported in 389 Directory Server. The vulnerability is due to improper processing of LDAP search queries in the do_search function in servers/slapd/search.c. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted LDAP...
Network Time Protocol ntpq decodearr Stack-based Buffer Overflow (CVE-2018-7183)
A buffer overflow vulnerability has been discovered in the monitoring and control program ntpq of Network Time Protocol daemon. A successful attack would result in arbitrary code execution in the security context of the user...
Suspicious JavaScript Obfuscation Chunks Technique
Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...
Samba AD DC Null Pointer Dereference (CVE-2018-1140)
A null pointer dereference vulnerability exists in Samba. The vulnerability is due to insufficient validation of DNS requests when Samba is operating as an Active Directory Domain Controller. Successful exploitation results in a crash leading to denial of service conditions...
Red Hat 389 Directory Server ns-slapd ldapsearch Buffer Overflow (CVE-2018-1089)
A stack buffer overflow vulnerability has been discovered in 389 Directory Server. The vulnerability is due to improper handling of overly long filter values within ldapsearch queries. A remote attacker can issue a crafted query in order to trigger the vulnerability and cause arbitrary code...
Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of WebSocket payloads. Successful exploitation would result in a crash of the server process leading to denial of service...
Rockwell Automation Allen Bradley Micrologix 1400 Series Device Power Cycle Denial of Service (CVE-2017-12088; CVE-2017-12089; CVE-2017-12090; CVE-2017-12092; CVE-2017-12093)
A denial of service vulnerability exists in Rockwell Automation Allen Bradley Micrologix 1400 Series. A remote, unauthenticated attacker can exploit the vulnerability by sending crafted packets to the target system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0567)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0539)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Remote Code Execution (CVE-2019-0541)
A remote code execution vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Huawei Router Authentication Bypass (CVE-2014-5395)
A vulnerability exists in the Huawei router. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft XmlDocument Elevation of Privilege (CVE-2019-0555)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Data Sharing Service Elevation of Privilege (CVE-2019-0572)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Elevation of Privilege (CVE-2019-0543)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows COM Elevation of Privilege (CVE-2019-0552)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Memory Corruption (CVE-2019-0565)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Data Sharing Service Elevation of Privilege (CVE-2019-0573)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Data Sharing Service Elevation of Privilege (CVE-2019-0574)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Kernel Information Disclosure (CVE-2019-0569)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Edge Elevation of Privilege (CVE-2019-0566)
An elevation of privilege vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0568)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...