Dell OpenManage Network Manager Authentication Bypass (CVE-2018-15768)
An authentication bypass vulnerability exists in Dell OpenManage Network Manager. The vulnerability is due to a misconfiguration in the /etc/sudoers file. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into t...
Apache Tika Command Injection (CVE-2018-1335)
A command injection vulnerability exists in Apache Tika. The vulnerability is due to improper validation of the HTTP requests. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
IBM QRadar SIEM Authentication Bypass (CVE-2018-1418)
An authentication bypass exists in IBM QRadar SIEM. This vulnerability is due to a combination of lack of authentication. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Adobe Flash Player Use After Free (APSB18-42: CVE-2018-15982)
A use-after-free vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Dell EMC VMAX Virtual Appliance Manager Authentication Bypass (CVE-2018-1216)
An authentication bypass vulnerability exists in Dell EMC VMAX Virtual Appliance vApp. The vulnerability is due to improper authentication. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Zoho ManageEngine OpManager oputilsServlet Authentication Bypass (CVE-2018-17283)
An authentication bypass vulnerability exists in ManageEngine OpManager. The vulnerability is due to a lack of access control on the /oputilsServlet?action=getAPIKey method...
Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass (CVE-2018-12368)
A policy bypass vulnerability exists in Mozilla Firefox. This vulnerability is due to a design weakness that allows a malicious WebExtension to open a SettingContent-ms file without a user prompt...
PowerDNS Recursor Denial of Service (CVE-2017-15120)
A denial of service vulnerability exists in PowerDNS Recursor. The vulnerability is due to a NULL pointer dereference. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted DNS query to a vulnerable server. Successful exploitation would result in a crash ...
Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)
A SQL injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to insufficient validation of user input. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Windows Known Malicious Executable File Payload
Certain known malware campaigns utilize malicious executable files. A remote attacker could convince users to manually run them. This would allow the malicious code to run and infect the target system...
RookIE User Agent Executable Download
Certain malicious executable files can be downloaded to computer systems using the RookIE user agent...
Jenkins CI Server Policy Bypass (CVE-2018-1999001)
A policy bypass vulnerability exists in Jenkins CI Server. This vulnerability is due to insufficient validation of login requests. A successful attack could lead to policy bypass...
Yi Technology Home Camera CRCDec Denial Of Service (CVE-2018-3935)
A denial of service vulnerability exists in the Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to allocate unlimited memory, resulting in denial of service...
Magecart Credit Card Stealer
Magecart is malicious JavaScript code injected into e-commerce websites in order to steal payment details. A compromised website containing the malicious code may leak the customer's payment details to the attacker...
CMS Made Simple Remote Code Execution (CVE-2018-10517)
A remote command execution vulnerability exists in CMS Made Simple 2.2.7. By uploading an XML package that contains base64-encoded PHP code in a data element, an authenticated attacker with administrator privileges can exploit this vulnerability to execute arbitrary code...
Microsoft Skype for Business Denial of Service (CVE-2018-8546)
A denial of service vulnerability exists in Microsoft Skype for Business and Lync. The vulnerability is due to improper handling of emojis. Successful exploitation may lead to denial of service conditions...
OMRON CX-One SBA File Parsing Buffer Overflow (CVE-2018-7514)
A heap-based overflow exists in OMRON CX-One SBA File Parsing. The vulnerability is due to an input validation error when processing the SBA configuration file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess SQL Injection (CVE-2018-5443)
An SQL injection vulnerability exists in Advantech WebAccess/SCADA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CMS Made Simple Remote Password Reset (CVE-2018-10081)
A remote password reset vulnerability exists in CMS Made Simple. The vulnerability is due to improper validation of password reset requests...
Advantech WebAccess SCADA BwPSLinkZip Stack-based Buffer Overflow (CVE-2018-7499)
A stack-based buffer overflow vulnerability exists in the webvrpcs service of Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer...
Zoho ManageEngine Desktop Central Arbitrary File Deletion (CVE-2018-12999)
An arbitrary file deletion vulnerability exists in Zoho ManageEngine Desktop Central. The vulnerability is due to insufficient input validation in requests handled by AgentTrayIconServlet...
WordPress Theme CherryFramework Backup File Download
An information disclosure vulnerability has been reported in the WordPress CherryFramework Theme. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Google Chrome SwiftShader OpenGL Texture Bindings Reference Count Leak
A use-after-free vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Paloaltonetworks Panos Remote Code Execution (CVE-2017-15944) - Ver2
A remote code execution vulnerability exists in paloaltonetworks panos. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trend Micro IWSVA Deploywizard Haport Parameter Command Injection - Ver2
A command injection vulnerability exists in Trend Micro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Trend Micro IWSVA Parameter Command Injection - Ver2
A vulnerability exists in Trend Micro. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Trend Micro IWSVA Domain List Bdn Parameter Command Injection - Ver2
A command injection vulnerability exists in Trend Micro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
HPE System Management Homepage Issue (CVE-2017-12544) - Ver2
A vulnerability exists in HPE System Management Homepage. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
HPE Lights-Out Authentication Bypass (CVE-2017-12542)
An authentication bypass vulnerability exists in HPE Lights-Out. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Dahuasecurity Smartpss Firmware Authentication Bypass (CVE-2017-6343)
An authentication bypass vulnerability exists in Dahuasecurity Smartpss Firmware. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Advantech WebAccess SCADA bwmakdir Stack-based Buffer Overflow (CVE-2018-7499)
A stack-based buffer overflow vulnerability exists in the webvrpcs service of Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer...
Apache Software Foundation Apache HTTP Server Remote Code Execution (CVE-2002-0392) - Ver2
A remote code execution vulnerability exists in Apache Software Foundation Apache HTTP Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cryptocurrency Mining Command Injection
The attacker takes advantage of a common command injection vulnerability in cryptocurrency miners. If successful, it attempts to run the script on targeted hosts...
TP-Link HTTP Server Ping Address Remote Code Execution (CVE-2018-3950)
An exploitable remote code execution vulnerability exists in the TP-Link TL-R600VPN HTTP server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability...
Microsoft Edge Chakra OP_Memset Type Confusion
A type confusion vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Adobe Flash Player Type Confusion (APSB18-44: CVE-2018-15981)
A type confusion vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Multiple CMS Platforms SQL Injection Attempt Over URL
Multiple SQL injection vulnerabilities exist in CMS platforms. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
XML Containing Malicious File Stream
Malicious files can be embedded into XML in the form of obfuscated file streams. A remote attacker can exploit this to transfer malicious files into a user's machine. Successful exploitation would allow an attacker to execute arbitrary code...
Branch.io Cross-Site Scripting
A cross-site scripting (XSS) vulnerability exists in Branch.io. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Mongo Web Admin Information Disclosure
An information disclosure vulnerability exists in Mongo Web Admin. Successful exploitation of this vulnerability could allow a remote attacker to access a restricted file...
WordPress File Deletion WooCommerce Plugin Privilege Escalation
A privilege escalation vulnerability exists in WordPress File Deletion WooCommerce Plugin. The vulnerability is due to a lack of validation in file deletion. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)
Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...
Adobe ColdFusion Remote Code Execution (CVE-2018-15961)
A remote code execution vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Yi Technology Home Camera 27US Denial Of Service (CVE-2018-3928)
A denial of service vulnerability exists in the firmware update functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system, creating a denial of service condition...
Adobe Acrobat and Reader Data leakage (APSB18-40: CVE-2018-15979)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft Windows VBScript Engine Remote Code Execution (CVE-2018-8544)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockwell Automation RSLinx Classic Buffer Overflow (CVE-2018-14821)
A buffer overflow vulnerability exists in Rockwell Automation RSLinx Classic. The vulnerability is due to incorrect handling of malformed EtherNet/IP packets. Successful exploitation of the vulnerability could lead to a system crash...
Microsoft Win32k Information Disclosure (CVE-2018-8565)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft DirectX Elevation of Privilege (CVE-2018-8554)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockwell Automation RSLinx Classic Stack Buffer Overflow (CVE-2018-14829)
A stack buffer overflow vulnerability exists in Rockwell Automation RSLinx Classic. The vulnerability is due to incorrect handling of malformed EtherNet/IP packets. Successful exploitation of the vulnerability could lead to a system crash...