13538 matches found
vBulletin cacheTemplates Remote Code Execution (CVE-2017-17672)
A remote code execution vulnerability exists in the vBulletin software package. The vulnerability is due to improper validation of user input .Successful exploitation of this vulnerability will allow execution of arbitrary code on a target system...
Apache CouchDB JSON Remote Privilege Escalation (CVE-2017-12635)
A privilege escalation vulnerability exists in CouchDB. The vulnerability is due to a discrepancy between the behaviour of the Erlang and JavaScript JSON parsers used within CouchDB. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to a...
Foxit PDF Reader Javascript File Write Remote Code Execution
A File Write Remote Code Execution vulnerability exists in the Foxit Reader. This vulnerability is due to The createDataObject Javascript API function allows for writing arbitrary files to the file system. A remote attacker could exploit this vulnerability by enticing a victim user to open a...
Apple WebKit Out-of-bounds Read (CVE-2017-13785)
An arbitrary code execution vulnerability has been discovered in Apple WebKit. The vulnerability is due to an error in Apple Webkit while handling certain display properties within the style blocks. A remote attacker could exploit this issue by enticing the target user to open a maliciously craft...
Oracle Tuxedo Jolt Protocol Heap Buffer Overflow (CVE-2017-10278)
A heap buffer overflow vulnerability exists in Oracle's Tuxedo and PeopleSoft products. This vulnerability is due a lack of length field checking in JOLT protocol structure. A successful attack could lead to remote code execution...
ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)
ROBOT Detect Scanner is a vulnerability scanning product. Remote attackers can use ROBOT Detect Scanner to detect vulnerabilities on a target server...
Systemd resolved dns_packet_read_type_window Infinite Loop (CVE-2017-15908)
A denial-of-service vulnerability exists in the dnspacketreadtypewindow function of systemdresolved component in the systemd project. This vulnerability is due to the incorrectly parsing of NSEC records in a DNS response. A malicious DNS server could exploit this vulnerability by sending a crafte...
JbossMQ Invocation Layer Deserialization Remote Code Execution (CVE-2017-12149; CVE-2017-7504)
An invocation layer deserialization vulnerability exists in Red Hat JBoss Seam Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted file to the web application...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11893)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. An attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11890)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11901)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is in the way that Microsoft Internet Explorer JavaScript engines render content when handling objects in memory. The vulnerability can corrupt memory in such a way that an attacker could execute...
Microsoft Edge Memory Corruption (CVE-2017-11888; CVE-2018-8125)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser javascript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11889)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11914)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly accesses objects in memory. Successful exploitation of this vulnerability can achieve Remote Code Execution...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11895)
A Type Confusion vulnerability exists in Microsoft Browsers. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. Successful exploitation of this vulnerability can achieve Remote Code Execution...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11909)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge renders when accesses objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11930)
An integer overflow vulnerability exists in Microsoft Browsers. The vulnerability is due to an integer overflow when JavaScript handles huge number of integers in memory. Successful exploitation of this vulnerability can result in Remote Code Execution...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11886)
A remote code execution vulnerability exists in Microsoft Explorer. The vulnerability is in the way that Microsoft browser VBScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the...
Apple WebKit out-of-bounds read (CVE-2017-13783)
An arbitrary code execution vulnerability has been discovered in Apple WebKit. The vulnerability is due to an error in Apple Webkit while handling certain display properties within the style blocks. A remote attacker could exploit this issue by enticing the target user to open a maliciously craft...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11907)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object in memory. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page...
Microsoft Excel Remote Code Execution (CVE-2017-11935)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11903)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafte...
Microsoft Malware Protection Engine Remote Code Execution (CVE-2017-11937)
A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to arbitrary code execution...
WordPress WP-VCD File Injection Remote Code Execution
A remote code execution vulnerability exists in WordPress. The vulnerability is due to improper validation. A remote attacker can exploit this issue by uploading a specially crafted PHP file to the target...
Cobalt Strike Payload Remote Code Execution
Cobalt Strike is an exploit kit that operates by delivering malicious payload to the victim's computer...
PowerDNS Recursor Improper Parameter Handling Remote Code Execution (CVE-2017-15092)
A remote code execution vulnerability exists in PowerDNS. The vulnerability is due to insufficient user input validation of a DNS query.A remote attacker can exploit this weakness to execute arbitrary code in the affected DNS server...
Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)
Vulnerability exists in Jackson data-bind library. This vulnerability is due to deserialization of untrusted data. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...
Apache HTTPD mod_http2 Null Pointer Dereference (CVE-2017-7659)
A null pointer dereference vulnerability exists in the modhttp2 module of Apache HTTPD. This vulnerability is due to improper handling of HTTP requests. A remote, unauthenticated attacker could exploit these vulnerability by sending maliciously crafted HTTP request to the affected server...
HPE Intelligent Management Center WebDMServlet Insecure Deserialization (CVE-2017-12558)
An insecure deserialization vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by the WebDMServlet while having vulnerable classes in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
Apple WebKit Use After Free Code Execution (CVE-2017-13792)
A remote code execution vulnerability has been discovered in Apple WebKit. The vulnerability is due to the way the vulnerable application handles objects in memory. A remote attacker could exploit this issue by enticing the target user to open a maliciously crafted web page...
Exim MTA BDAT Denial Of Service (CVE-2017-16944)
A denial of service vulnerability exists in Exim message transfer agent. The vulnerability is due to improper pointer resetting. A remote attacker can exploit this vulnerability by crafting a sequence of BDAT commands. Successful exploitation can lead to program crash on the effected system...
Apple WebKit Use After Free Code Execution (CVE-2017-13791)
A remote code execution vulnerability has been discovered in Apple WebKit. The vulnerability is due to the way the vulnerable application handles objects in memory. A remote attacker could exploit this issue by enticing the target user to open a maliciously crafted web page...
Exim MTA BDAT Remote Code Execution (CVE-2017-16943)
A remote code execution vulnerability exists in Exim message transfer agent. The vulnerability is due to improper pointer resetting. A remote attacker can exploit this vulnerability by crafting a sequence of BDAT commands. Successful exploitation can lead to arbitrary code execution on the effect...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11870)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft JET Database Engine Excel Component Buffer Overflow (CVE-2017-8717)
A buffer overflow vulnerability exists in the Microsoft JET Database Engine. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted Excel file while using an affected version of Microsoft...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11839)
A remote code execution Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Adobe ColdFusion DataServicesCFProxy Insecure Deserialization (CVE-2017-11283)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation by the DataServicesCFProxy. A successful attack could lead to a remote code execution...
Microsoft Edge Memory Corruption Arbitrary Code Execution (CVE-2017-8751)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Huawei HG532 Router Remote Code Execution (CVE-2017-17215)
A remote code execution vulnerability exists in Huawei HG532 Routers. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...
ZyXEL PK5001Z Modem Authentication Bypass (CVE-2016-10401)
An Unauthorized Access Vulnerability exists in ZyXEL PK5001Z Modem. Successful exploitation of this vulnerability could allow a remote attacker to gain administrator level access on the affected device...
WordPress Formidable Forms Plugin Remote Code Execution
A remote code execution vulnerability exists in WordPress Formidable Forms plugin. A remote attacker can upload and execute vulnerable shortcodes via crafted parameters. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Intelligent Management Center mibFileServlet file Directory Traversal (CVE-2017-12559)
A directory traversal vulnerability exists in HPE Intelligent Management Center PLAT. The vulnerability is due to an input validation error in the mibFileServlet Servlet. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted packet to a vulnerable server...
Microsoft Office Memory Corruption Remote Code Execution (CVE-2017-11882)
A remote code execution vulnerability exists in Microsoft Office Equation Editor. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a...
Viscom Software Movie Player Pro SDK ActiveX Buffer Overflow (CVE-2010-0356)
A buffer overflow vulnerability has been reported in Viscom Software Movie Player Pro SDK. The vulnerability is due to mishandling of an overly long string. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload (CVE-2017-8961)
An arbitrary file upload vulnerability exists in HPE Intelligent Management Center PLAT. The vulnerability is due to an input validation issue on requests handled by the FileUploadServlet servlet. A remote authenticated attacker could exploit this vulnerability by sending a crafted packet to a...
PHP Core timelib_meridian Heap Buffer Overflow (CVE-2017-16642)
A heap-based buffer overflow vulnerability exists in PHP core function timelibmeridian. The vulnerability is due to improper validation of user input. A remote attacker can exploit the vulnerability by sending a crafted request with a malformed time attribute...
Rsync receive_xattr Heap-based Buffer Overread (CVE-2017-16548)
A heap-based buffer overread vulnerability exists in the receivexattr function of rsync. The vulnerability is due to an error in processing non NULL terminated extended attribute name strings in certain cases when using the rsync protocol. A remote, unauthenticated attacker could exploit this...
Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow (CVE-2017-5112)
A heap buffer overflow vulnerability exists in the WebGL component of Google Chrome. This vulnerability is due to a missing bounds check after calculating a user-controlled offset into a heap buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously craft...
GNU Wget fd_read_body Heap Buffer Overflow (CVE-2017-13090)
A heap buffer overflow vulnerability exists in Wget. The vulnerability is due to improper handling of HTTP responses with chunked transfer encoding within the fdreadbody function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to make an HTTP request to the...
Cesanta Mongoose DNS Compressed Name Denial of Service (CVE-2017-2909)
An infinite loop vulnerability exists in the DNS server functionality of Cesanta Mongoose. The vulnerability is due to insufficient handling of compressed names in DNS queries and responses. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted DNS query or respon...