Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16384)
A buffer over-read vulnerability exists in the EXIF processing module for a PNG file during XPS conversion. The vulnerability is due to invalid input that leads to an incorrect memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially...
Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16374)
A buffer over-read vulnerability exists in the JPEG 2000 module. The vulnerability is due to an invalid JPEG 2000 input code stream leading to an invalid memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Heap Overflow (APSB17-36: CVE-2017-16383)
A heap buffer overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in Adobe Reader while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11225)
A use-after-free vulnerability exists in Adobe Flash Player. The vulnerability is due to the way Adobe Flash handles objects in memory. A remote attacker can exploit this vulnerability by sending a crafted file...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16404)
An out-of-bounds read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to a computation that writes data past the end of the intended buffer. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16399)
An out-of-bounds vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way fpage files embedded within an XPS document are processed. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted XPS document...
Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16365)
A buffer over-read vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16372)
A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Microsoft Internet Explorer Memory Corruption (CVE-2017-11855)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16417)
An out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful...
Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16373)
A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Adobe Acrobat and Reader Improper Validation of Array Index (APSB17-36: CVE-2017-16391)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while calculating an array index. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16360)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16362)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16387)
A buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a lack of bounds checking when handling a specially crafted JPEG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16388)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16371)
A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16364)
A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16375)
A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...
Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11215)
A use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to the way Adobe Flash handles objects in memory. A remote attacker can exploit this vulnerability by sending a crafted file...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11840)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16386)
A buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a lack of bounds checking when the XPS2PDF conversion engine handles a specially crafted JPEG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted XPS...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16418)
An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted XML/XPS file...
Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16366)
A security bypass vulnerability exists in Adobe Acrobat and Reader. The vulnerability is in the way Internet Explorer handles embedded PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16420)
An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11837)
A remote code execution vulnerability exists in Microsoft browsers. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11843)
A use-after-free vulnerability exists in Microsoft browsers. The vulnerability is due to the way the scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...
Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16361)
A security bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted FDF/XFDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16412)
An out-of-bounds read vulnerability exists in the XPS component of Adobe Acrobat. The vulnerability is due to improper handling of embedded JPEG images in an XPS document. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XPS document...
WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)
An authentication bypass vulnerability exists in WordPress Userpro Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Microsoft Windows Graphics Component Information Disclosure (CVE-2017-11816)
An information disclosure vulnerability exists in the GDI component of Microsoft Windows. The vulnerability is due to an out-of-bounds read error when processing a WMF file. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page or document...
EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow
A buffer overflow vulnerability exists in a function responsible for processing HTTP POST requests in the sendemail.ghp endpoint of EFS Software Easy File Sharing Web Server. The vulnerability is due to the function's failure to properly perform boundary checking on user input. A...
Trend Micro OfficeScan Memory Corruption (CVE-2017-14089)
A memory corruption vulnerability exists in Trend Micro's OfficeScan. A remote unauthorized attacker may exploit this issue by accessing the OfficeScan server and targeting cgiShowClientAdm.exe to cause memory corruption issues...
Pivotal Spring PATCH Request Remote Code Execution (CVE-2017-8046)
A remote code execution vulnerability exists in Pivotal Spring Data REST. The vulnerability is due to insufficient validation of user supplied input. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected server...
Brother Debut Embedded Httpd Unauthenticated Denial Of Service (CVE-2017-16249)
A denial of service vulnerability exists in the Brother Debut embedded httpd server. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...
Trend Micro InterScan Messaging Security modTMCSS Command Injection (CVE-2017-11391; CVE-2017-11394)
A command injection vulnerability exists in Trend Micro InterScan Messaging Security virtual appliance. The vulnerability is due to improper validation of request parameters within the modTMCSS Proxy functionality. A remote, authenticated attacker could exploit the vulnerability by sending a...
FLIR Thermal Camera Remote Code Execution
A remote code execution vulnerability exists in FLIR Thermal cameras. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...
FLIR Thermal Camera Information Disclosure
An information disclosure vulnerability exists in FLIR Thermal cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)
An information disclosure vulnerability exists in Hikvision IP cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
MVPower DVR Remote Code Execution
A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...
Oracle Identity Manager Authentication Bypass (CVE-2017-10151)
An authentication weakness vulnerability exists in Oracle Identity Manager. The vulnerability is due to the presence of previously unknown default credentials. A remote attacker can exploit this vulnerability by authenticating to the system using the default credentials. Successful exploitation...
Flexense DiskPulse Client Import Stack Buffer Overflow
A stack buffer overflow vulnerability exists in the client component of Disk Pulse Enterprise Server. The vulnerability is due to improper parsing of an XML file when performing import command or import profile action. A remote, unauthenticated attacker could exploit this vulnerability by enticin...
WordPress Core WPDB SQL Injection
An SQL injection exists in the WordPress Core. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
ZKTeco ZKTime Web Cross Site Request Forgery (CVE-2017-13129)
A cross-site request forgery vulnerability exists in ZKTime Web. The vulnerability is due to a lack of protection mechanisms to block forged requests. An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
Microsoft Windows Search Remote Code Execution (CVE-2017-11771)
A remote code execution vulnerability exists in the Windows Search service of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
Suspicious Metadata Mail Phishing Containing Attachment - ver2
A mail attachment containing a malicious downloader was observed as part of ransomware campaigns. A remote attacker could send spam e-mails that include such downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the target system...
Microsoft Windows SMB Server SMBv1 Information Disclosure (CVE-2017-11815)
An information disclosure vulnerability exists in the SMB Server component of Microsoft Windows. The vulnerability is due to improper handling of SMBv1 requests. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to a target SMB server...
Suspicious Hyperlink Mail Phishing Attempt - ver2
A common phishing method, used in malspam campaigns, is the use of hyperlinks inside a seemingly valid entity, either to direct the victim to a designated website controlled by the attacker or to make the user download malware such as Hancitor/Pony...
Adobe ColdFusion RMI Registry Insecure Deserialization (CVE-2017-11284)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation on objects in the RMI Registry before deserializing them. A remote, unauthenticated attacker can exploit this vulnerability by sending...
Cisco Prime Collaboration Provisioning logconfigtracer.jsp Arbitrary File Deletion (CVE-2017-6637)
An arbitrary file deletion vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted reques...