Microsoft JScript Security Feature Bypass (CVE-2018-8417)
A security bypass vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Microsoft Windows Scripting Engine Memory Corruption (CVE-2018-8552)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess Remote Code Execution (CVE-2018-15705; CVE-2018-15707)
Arbitrary file write and remote code execution vulnerabilities exist in Advantech WebAccess software. The vulnerabilities are due to the lack of input validation when processing the 'folderpath' parameter in an HTTP POST request. Successful exploitation could lead to remote code execution on t...
Microsoft Outlook Remote Code Execution (CVE-2018-8522)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Graphics Components Remote Code Execution (CVE-2018-8553)
A remote code execution vulnerability exists in Microsoft Graphics Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8588)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows ALPC Elevation of Privilege (CVE-2018-8584)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8555)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Flash Player Out-of-bounds read (APSB18-39: CVE-2018-15978)
An out-of-bounds read vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8556)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft DirectX Information Disclosure (CVE-2018-8563)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Word Remote Code Execution (CVE-2018-8539)
A remote code execution vulnerability exists in Microsoft Word. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Outlook Remote Code Execution (CVE-2018-8582)
A remote code execution vulnerability exists in Microsoft Outlook. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Information Disclosure (CVE-2018-8545)
An information disclosure vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8542)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Outlook Remote Code Execution (CVE-2018-8576)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8557)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Win32k Elevation of Privilege (CVE-2018-8589)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Kernel Information Disclosure (CVE-2018-8408)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Quest KACE Systems Management Command Injection
A command injection vulnerability exists in Quest KACE Systems Management. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary code execution...
Western Digital MyBook Live Remote Code Execution (CVE-2018-18472)
A command injection vulnerability exists in WD MyBook Live and WD MyCloud NAS models. The vulnerability is due to the language change and modify functionality in the REST API. A remote, unauthenticated attacker can exploit the vulnerability by sending a maliciously crafted packet to the target...
Rockwell Automation RSLinx Classic Denial of Service (CVE-2018-14827)
A denial of service vulnerability exists in Rockwell Automation RSLinx Classic. The vulnerability is due to incorrect handling of malformed EtherNet/IP packets. Successful exploitation of the vulnerability could lead to a system crash...
Yi Technology Home Camera cloudAPI SSID Code Execution (CVE-2018-3910)
A remote code execution vulnerability exists in Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Struts Remote Code Execution (CVE-2016-1000031)
An insecure deserialization vulnerability has been reported in Apache Struts. This vulnerability is due to deserialization of untrusted data when the vulnerable version of the Apache-Commons-FileUpload library is present. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)
A remote code execution vulnerability exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Linksys ESeries OS Command Injection (CVE-2018-3953; CVE-2018-3954; CVE-2018-3955)
A command injection vulnerability exists in the Linksys E Series line of routers. An attacker can exploit these bugs by sending an authenticated HTTP request to the network configuration service. An attacker could then gain the ability to arbitrarily execute code on the machine...
Axentra Hipserv Multiple Vulnerabilities (CVE-2018-18471)
Information disclosure and command injection vulnerabilities exist in Axentra Hipserv. This is due to an incorrectly configured XML parser accepting XML external entities. A remote unauthenticated attacker may exploit this vulnerability to disclose the contents of files or execute malicious...
NETGEAR WiFi Router R6120 Credential Disclosure
A credential disclosure vulnerability has been reported in NETGEAR WiFi Router R6120. A remote attacker can exploit this vulnerability by sending a malicious POST request to the vulnerable router. Successful exploitation would allow the attacker to take control of the target account...
Cisco Multiple Products Denial of Service (CVE-2018-15454)
A denial of service (DoS) vulnerability exists in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD). The vulnerability is due to improper handling of SIP traffic. A successful remote attacker could trigger high CPU usage, resulting in...
Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)
An arbitrary file upload vulnerability has been reported in Blueimp jQuery File Upload Plugin. The vulnerability is due to a failure to adequately sanitize user-supplied input. Successful exploitation of this vulnerability could result in arbitrary code execution...
Rockwell Automation Allen-Bradley L30ERMS Denial Of Service (CVE-2017-9312)
A denial of service vulnerability exists in Rockwell Automation Allen-Bradley L30ERMS safety devices. The vulnerability is due to improper handling of specially crafted TCP SYN packets. Successful exploitation can result in a denial of service condition...
Microsoft Windows Deployment Services TFTP Server Code Execution (CVE-2018-8476)
A remote code execution vulnerability exists in Microsoft Windows Deployment Services TFTP Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockwell Automation Allen-Bradley CompactLogix Cross-Site Scripting (CVE-2016-2279)
A cross-site scripting vulnerability has been reported in Rockwell Scada System. The vulnerability is due to lack of sanitization of user-supplied input data. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser session in the context of the...
Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password...
libssh SSH2_MSG_USERAUTH_SUCCESS Authentication Bypass (CVE-2018-10933)
An authentication bypass vulnerability exists in the libssh server. The vulnerability is due to presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized acces...
WordPress GDPR Compliance Plugin Privilege Escalation (CVE-2018-19207)
A privilege escalation vulnerability exists in WordPress GDPR Compliance Plugin. The vulnerability is due to missing authorization at the "userscanregister" action. A remote authenticated attacker may exploit this vulnerability to gain administrator privileges...
Delta Electronics Delta Industrial Automation Buffer Overflow (CVE-2018-10594)
This module exploits a stack-based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists when handling specially crafted packets. Successful exploitation of this vulnerability could result in the execution of arbitrary code...
VLC Media Player 2.2.8 Vulnerable to Arbitrary Code Execution (CVE-2018-11529)
VideoLAN VLC media player is prone to a use-after-free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions...
SugarCRM Cross-Site Scripting (CVE-2018-17784)
A cross-site scripting vulnerability exists in SugarCRM 6.5.26. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Microsoft Edge Sandbox Escape Command Execution (CVE-2018-8463; CVE-2018-8468; CVE-2018-8469)
A command execution vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress Breadcrumb NavXT Plugin Information Disclosure
A vulnerability exists in WordPress Breadcrumb NavXT plugin. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
BeEF Browser Exploitation Framework Hooking Request
The Browser Exploitation Framework (BeEF) operates by delivering a malicious JavaScript payload to the victim's browser. Successful infection will allow the attacker host to take control of the victim's browser to launch further attacks...
WebRTC FEC Out Of Bounds Read (CVE-2018-16083)
An out-of-bounds read vulnerability exists in WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
WebRTC Use After Free Code Execution (CVE-2018-16071)
A use-after-free vulnerability exists in WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Theme API Remote Code Execution (CVE-2018-8413)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple QuickLook OfficeImporter JavaScript Injection
A command injection vulnerability exists in Apple QuickLook. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Internet Explorer Memory Corruption (CVE-2018-8491)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8505)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Memory Corruption (CVE-2018-8460)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Device Guard Code Integrity Policy Security Feature Bypass (CVE-2018-8492)
A security bypass vulnerability exists in Microsoft Device Guard. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...