13538 matches found
WordPress Suspicious Command Injection
A remote attacker can send a malicious request to a WordPress web server containing arbitrary commands. Successful exploitation could result in the execution of arbitrary code in the web server...
EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass (CVE-2017-8013)
A static credentials authentication bypass vulnerability exists in the EMC Data Protection Advisor Application service...
Xitami /AUX Request Remote Denial Of Service
A denial of service vulnerability has been reported in Xitami Web Server. The vulnerability is due to an error while processing HTTP requests. A remote attacker could exploit this vulnerability by sending a malicious HTTP request to the target server...
Malicious Crypto Miner Downloader
Many malicious sites attempt to get users to download crypto miners. These miners will run in the background of the victims machines and highjack their CPU. A successful attack could lead to a loss of performance in the victims machine...
Electron Protocol Handler Remote Code Execution (CVE-2018-1000006)
A remote code execution vulnerability exists within Electron Protocol Handler. This is due to the way Electron registers Windows applications as the default handler for a protocol. A successful attack could lead to a remote code execution on the effected system...
DNS Rebind RPC Unauthenticated Access
A DNS rebind vulnerability exists within certain RPC authentication methods. This is due to the way the agent handles update requests. A successful attack could lead to malicious code execution...
Multiple IoT Command Injection
Remote command injection vulnerabilities exist in multiple IoT devices. A remote attacker can exploit these weaknesses to execute arbitrary commands in the affected devices via a crafted request...
Google Chrome V8 Type confusion (CVE-2017-5116)
A type confusion vulnerability exists in Google Chrome V8 Engine. The vulnerability is due to a race condition. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted web page. Successful exploitation could allow an attacker to execute arbitrary cod...
WordPress YITH WooCommerce Wishlist Plugin SQL Injection
An SQL injection vulnerability has been reported in WordPress YITH WooCommerce Wishlist Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
NetGain Systems Enterprise Manager exec_jsp Command Execution (CVE-2017-16602)
A command execution vulnerability exists in NetGain Systems Enterprise Manager. The vulnerability is due improper validation of command HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to a vulnerable server...
ESF pfSense system_groupmanager.php Command Injection
A command injection vulnerability exists in the web console of the ESF pfSense firewall. The vulnerability is due to a failure on part of the application to properly parse input supplied to the members parameter in the systemgroupmanager.php script...
Microsoft Edge Out Of Bounds Read Information Disclosure (CVE-2018-0767)
An out of bounds read information disclosure vulnerability exists within Microsoft Edge. This is due to the way Microsoft Edge handles array segments in certain Javascript methods. A successful attack could lead to stolen information...
Metasploit Shellcode Encoders
Malicious payload can be encoded by metasploit modules to circumvent security software. Successful exploitation could allow attackers to execute arbitrary code on the target...
Cobalt Strike Scripted Web Delivery Remote Code Execution
Certain evasion tools obfuscate scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target, using it to download and execute a malicious payload...
Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (CVE-2017-14078)
An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the id request parameter with getdepprofile action...
Web servers PHPMyAdmin Suspicious Table Hyperlink (CVE-2017-1000499)
A PhpMyAdmin user could be subject to a phishing attack. This is due to the way PhpMyAdmin handles modify requests. A successful attack could lead to malicious SQL command execution...
Western Digital MyCloud Remote Code Execution (CVE-2017-17560)
A remote code execution vulnerability exists within Western Digital MyCloud servers. This is due to the way the MyCloud servers handle file uploads to specific directories. A successful attack could lead to a remote code execution and stolen information...
Microsoft Office subDoc NTLMv2 Phishing
A data leakage vulnerability exists in Microsoft Office. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted Office file. Successful results in leakage of the affected user's password...
D-Link DNS-320 Backdoor Unauthorized Access
An unauthorized access vulnerability exists in D-Link DNS-320 ShareCenter. Successful exploitation of this vulnerability could allow a remote attacker to gain administrator level access on the affected device...
Digium Asterisk chan_skinny SCCP session Denial of Service (CVE-2017-17090)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chanskinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a flood of certain requests to asterisk and exhaust available...
Adobe Flash Player Out-of-bounds Read (APSB18-01: CVE-2018-4871)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Word Memory Corruption (CVE-2018-0797)
An Office RTF remote code execution vulnerability exists in Microsoft Office software. The vulnerability is due to an error in the way the Office software handles RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user...
OrientDB Server Remote Code Execution
A remote code execution vulnerability exists in OrientDB server. The vulnerability is due privilege escalation when the server receives a specially crafted request. A remote attacker can exploit this vulnerability to gain privilege rights and execute arbitrary code...
Microsoft Office Equation ASLR Bypass
A remote code execution vulnerability exists in Microsoft Office with embedded Equation objects. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted Office file. Successful exploitation would allow an attacker to bypass the ASLR mechanism and execute...
Microsoft Office Equation Memory Corruption Remote Code Execution (CVE-2018-0802)
A remote code execution vulnerability exists in Microsoft Office Equation Editor. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a...
Samba SMB1 message_push_string Information Disclosure (CVE-2017-15275)
An information disclosure vulnerability exists in the SMB1 component of Samba. The vulnerability is due to the inclusion of uninitialized memory in certain responses. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted SMB1 commands to the target serve...
EFS Software Easy File Sharing Web Server vfolder.ghp Stack Buffer Overflow
A buffer overflow vulnerability exists in HTTP GET requests to EFS Software Easy File Sharing Web Server. The vulnerability is due to a failure on properly perform boundary checking on user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP...
Red Hat Jboss Application Server Remote Code Execution (CVE-2017-12149)
A Remote Code Execution vulnerability exists within Red Hat Jboss application server. This is due to the way the Jboss Application Server handles its Read Only Access filter. A successful attacker could run arbitrary code on the machine...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0773)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge accesses an object in memory. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0774)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the curre...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0769)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge accesses an object in memory. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0776)
A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page that could cause memory corruptio...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0777)
A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to an Out-of-Bounds write in the JavaScript engine. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page that could cause memory corruption in a way th...
Meltdown/Spectre Multiple Browsers Speculative Execution (CVE-2017-5715; CVE-2017-5753; CVE-2017-5754; CVE-2018-3639)
A CPU speculative execution vulnerability exists in multiple processors. A remote attacker can exploit this vulnerability using JavaScript code. Successful exploitation allows a remote attacker to read arbitrary virtual memory...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2018-0762)
A Type Confusion vulnerability exists in Microsoft Browsers. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. Successful exploitation of this vulnerability can achieve Remote Code Execution...
Microsoft Windows ITS Protocol Information Disclosure (CVE-2017-11927)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to improper parsing of the InfoTech Storage ITS protocol requests. A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage or URL...
Samsung Internet Browser SOP Bypass (CVE-2017-17692)
A SOP bypass vulnerability exists within the Samsung internet browser. This vulnerability is due to the way the browser handles its same origin policy. A successful attack could lead to stolen information...
ManageEngine ServiceDesk DownloadFileServlet Information Disclosure (CVE-2017-11511)
An information disclosure vulnerability exists within ManageEngine ServiceDesk for Microsoft Windows. The vulnerability is due to the way ServiceDesk handles download requests. A successful attack could lead to stolen system information...
Samba SMB1 Server Use After Free (CVE-2017-14746)
A use after free vulnerability exists in the SMB1 component of Samba. The vulnerability is due to insufficient handling of TIDs in certain circumstances. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted commands to the target server...
Triton Toolkit SIS Controllers Denial Of Service
TRITON is an attack framework kit built to interact with Triconex SIS controllers. Remote attackers use this framework in order to destroy and shutdown industrial systems...
Cisco Prime Network Analysis Module Graph Directory Traversal (CVE-2017-12285)
A directory traversal vulnerability exists in the Cisco Prime Network Analysis Module. The vulnerability is due to the way Cisco Prime Network Analysis Module handles input validation. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the target...
Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271; CVE-2017-3506)
A remote code execution vulnerability exists within Oracle WebLogic WLS. This is due to the way Oracle WebLogic handles xml decodes. A successful attack could lead to a remote code execution...
GoAhead CGI Scanner
A GoAhead scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the GoAhead vulnerabilities on a target server...
GoAhead LD_PRELOAD Remote Code Execution (CVE-2017-17562)
A remote code execution vulnerability exists in GoAhead web server. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...
WordPress Captcha Plugin Backdoor
A backdoor vulnerability exists in WordPress Captcha plugin. Successful exploitation of this vulnerability allows remote attackers to change the effected site's content...
Multiple Webservers Cross-Site Scripting Attempt (CVE-2015-0899; CVE-2016-1182)
Cross-site scripting vulnerabilities exist in multiple webservers. The vulnerabilities are caused due to lack of validation of form fields. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary script into the affected webserver...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Apple WebKit Use After Free Code Execution (CVE-2017-13795)
A remote code execution vulnerability has been discovered in Apple's WebKit. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
vBulletin Routestring Remote Code Execution
A remote code execution vulnerability exists in the vBulletin software package. The vulnerability is due improper validation of user input .Successful exploitation of this vulnerability will allow execution of arbitrary code on a target system...
Apple WebKit Use After Free Code Execution (CVE-2017-13796)
A remote code execution vulnerability exists in Apple's WebKit. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...