13538 matches found
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11800)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Win32k Elevation of Privilege (CVE-2017-8694)
An elevation of privilege vulnerability exists in Windows Kernel-Mode Driver. The vulnerability is due to an error in the way Microsoft Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kern...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11798)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
HPE Intelligent Management Center dbman Stack Buffer Overflow (CVE-2017-8956)
A stack-based buffer overflow exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to lack of proper validation of the length of user-supplied data prior to copying it to a fixedlength stack-based buffer. A remote, unauthenticated attacker can exploit this...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0201)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted we...
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...
DenyAll Web Application Firewall Remote Code Execution (CVE-2017-14706)
An authentication bypass and code injection vulnerability has been reported in DenyAll Web Application Firewall. The vulnerability is due to an information disclosure and the way that DenyAll Web Application Firewall validates session IDs while authenticating users. Remote attackers can execute a...
Apache Tomcat HTTP PUT Remote Code Execution (CVE-2017-12617)
A remote code execution vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient validation of PUT requests. A remote attacker can exploit this vulnerability by sending a specially crafted request containing a JSP page to the vulnerable server...
Dnsmasq Lack of Free Denial of Service (CVE-2017-14495)
A denial of service vulnerability exists over Dnsmasq. This is due to the way Dnsmasq handles TTL requests. A successful attack could lead to a denial of service...
Dnsmasq Integer Underflow Denial Of Service (CVE-2017-14496)
A denial of service vulnerability exists over Dnsmasq. This is due to the way Dnsmasq handles packet information. A successful attack could lead to a denial of service...
Dnsmasq Heap Based Overflow Remote Code Execution (CVE-2017-14491)
A remote code execution vulnerability exists in Dnsmasq. remote, unauthenticated attacker can exploit this vulnerability by sending crafted queries under certain circumstances...
Oracle Java SE MixerSequencer Object GM_Song Remote Code Execution (CVE-2010-0842)
A remote code execution vulnerability exists in Oracle Java SE 6u18 and prior. The vulnerability is caused by running specially crafted MIDI file within an RMF File. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
An information disclosure vulnerability exists in Apache Tomcat. By crafting a malicious request an attacker may view the source code of jsp files for resources...
Microsoft Office Undocumented Feature Information Disclosure
An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an error in Microsoft Office that fails to properly parse the file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization (CVE-2015-5377)
An insecure deserialization vulnerability exists in Elastic Elasticsearch. This vulnerability is due to the deserialization of untrusted ThrowableObjectInputStream data.A remote, unauthenticated attacker could exploit this vulnerability by sending crafted serialized data to the target application...
Trend Micro Mobile Security Enterprise eas_agent_unregister slink_id SQL Injection (CVE-2017-14078)
An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the slinkid request parameter with easagentunregister action. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to...
Nodejs V8 Debugger Remote Code Execution
A remote code execution vulnerability is exist in Node.js v8 debugger. A remote attacker can exploit this weakness to execute arbitrary code in the Nodejs server via a crafted request...
SMBv1 Scanner
An SMB scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the SMBv1 vulnerabilities on a target server...
Microsoft Internet Explorer Address Bar Information Disclosure
An information disclosure vulnerability exists in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information about the user address bar content...
Digium Asterisk RTP Stack Information Disclosure (CVE-2017-14099)
An information disclosure vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of incoming RTP/RTCP packets when the chansip and chanpjsip channel drivers are configured to use NAT and Symmetric-RTP respectively...
WordPress Visual Editor Cross Site Scripting
A cross-site scripting vulnerability exists in WordPress Visual Editor. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
HPE Intelligent Management Center getSelInsBean Expression Language Injection (CVE-2017-12490)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter used by the getSelInsBean method that was received from a prior GWT RPC request. A remote, authenticated attacker can exploit this...
Digium Asterisk non-SIP URIs Denial-of-Service (CVE-2017-14098)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of non-SIP URIs within the sanitizetdata function. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted SIP packets to an Asterisk server...
Joomla LDAP Information Disclosure (CVE-2017-14596)
A LADP information disclosure vulnerability exists in Joomla!. Successful exploitation of this vulnerability allows an unprivileged remote attacker to extract all authentication credentials of the effected system...
PeaZip Compressed Filename Command Injection (CVE-2009-2261)
A command injection vulnerability exists in PeaZip. A remote attacker may exploit this vulnerability by sending a specially crafted Zip file to a target user, and convince him to open this file with PeaZip. Successful exploitation would allow an attacker to execute commands in the security contex...
Linux Kernel NFSv4 nfsd PNFS denial of Service (CVE-2017-8797)
A denial of service vulnerability exists in the NFSv4 component of the Linux Kernel. The vulnerability is due to improper handling of the pNFS LAYOUTGET and GETDEVICEINFO commands. A remote attacker can exploit this vulnerability by sending maliciously crafted packets to a vulnerable system...
Microsoft Office WordPerfect Document Converter Heap-based Buffer Overflow (CVE-2017-8744)
A heap-based buffer overflow vulnerability exist in WordPerfect Document Converter component of Microsoft Office. The vulnerability is due to improper validation of the document data prior to copying it to a heap-based buffer. A remote attacker could exploit the vulnerability by enticing a victim...
Elastic Elasticsearch Snapshot API Directory Traversal (CVE-2015-5531)
A directory traversal vulnerability exists in Elastic Elasticsearch. The vulnerability is due to insufficient validation on a user-supplied path when a request is sent to access a snapshot repository. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted packets to...
Multiple Websites Mine Cryptocurrencies CPU Hijacking
A CPU hijacking vulnerability exists in multiple web servers. A remote attacker can exploit this vulnerability using one of the following miners: CoinHive, CryptoLoot, MineMyTraffic, ProjectPoi and JSECoin. Successful exploitation allows a remote attacker to use a clients CPU for currency mining...
Advantech WebAccess rmTemplate.aspx SQL Injection (CVE-2017-12710)
A SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of input used to construct SQL queries. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the target server...
Google Chrome V8 Crankshaft Type Confusion (CVE-2017-5070)
A type confusion vulnerability exists in Google Chrome. The vulnerability is due to improper handling of objects in memory by the V8 JavaScript engine while compiling code. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page...
Apache Tomcat PUT Method Arbitrary File Upload Remote Code Execution (CVE-2017-12615; CVE-2017-12617)
A remote code execution vulnerability exists in Apache Tomcat on Windows. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. successful exploitation could lead to arbitrary code execution...
Foxit Reader and PhantonPDF XFA gotoURL Command Injection (CVE-2017-10953; CVE-2019-8160)
A command injection vulnerability exists in the XFA component of Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of user-supplied string for the gotoURL function call. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web...
HPE Operations Orchestration central-remoting Insecure Deserialization (CVE-2017-8994)
An insecure deserialization vulnerability in HPE Operations Orchestration. The vulnerability is due to the deserialization of untrusted data in central-remoting servlets. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted serialized data to the target application...
WordPress Display Widgets Plugin Spammers Backdoor
A backdoor vulnerability exists in WordPress Display Widgets Plugin. Successful exploitation of this vulnerability allows remote attackers to change the effected site's content...
strongSwan gmp Plugin Denial of Service (CVE-2017-11185)
A denial-of-service vulnerability exists in strongSwan. The vulnerability is due to insufficient validation of RSA signature values before their use within the gmp plugin. A remote attacker could exploit this vulnerability by sending a crafted message to the target server...
Microsoft Windows Search Information Disclosure (CVE-2017-8544)
An information disclosure exists in the Search component of Microsoft Windows. The vulnerability is due to how Windows Search handles objects in memory. A remote attacker can exploit this vulnerability by sending specially crafted SMB messages to the Windows Search service...
Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
A denial-of-service vulnerability exists in the Apache Struts 2 REST plugin. The vulnerability is due improper validation of XML input by the XStream library, during the deserialization process. A remote attacker could exploit this vulnerability by sending a crafted XML payload to the target serv...
Multiple Routers Unauthenticated Router Factory Reset (CVE-2017-14147)
An authentication bypass vulnerability exists in FiberHome routers and in other vendor routers. The vulnerability is due to an insufficient validation of HTTP requests sent to the router. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to th...
Apache HTTP Optionsbleed Memory Leak (CVE-2017-9798)
A use afetr free vulnerability exuists in Apache HTTP Server. A remote attacker can exploit this issue by sending an OPTIONS request to the vulnerable system. A successful attack may lead to memory leakage and loss of private data...
Malicious Embedded Executable Downloader
Many campaigns are known to use mail attachments containing double zipped files. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...
Suspicious Evasion In HTML
Evasion tools can be useed in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target...
Repetitive IMAP Login Failures
An attacker may attempt to gain access to email accounts by repeatedly trying to log in using various passwords, eventually finding the correct one, a technique known as "Brute Force". Successful exploitation may result in an unauthorized access to an email account...
Microsoft Windows XXE Information Disclosure (CVE-2017-8710)
An XML external entity XXE injection vulnerability exists in the Console component of Microsoft Windows. The vulnerability is due to a failure to properly handle external entity references in XML files. A remote attacker could exploit this vulnerability by enticing a target user into opening a...
Mitsubishi Electric E-Designer BEComliSlave Status_bit Stack Buffer Overflow (CVE-2017-9638)
A stack-based buffer overflow vulnerability exists in Mitsubishi's Electric E-Designer. The vulnerability is due to the missing input validation of the Statusbit property of BEComliSlave configuration file. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously...
WordPress REST API Plugin Information Disclosure (CVE-2017-5487)
An information disclosure vulnerability exists in WordPress REST API Plugin. Successful exploitation could result in the disclosure of sensitive user information...
HPE Intelligent Management Center userSelectPagingContent Expression Language Injection (CVE-2017-12521)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to a lack of validation on a request parameter on requests sent to the server. A remote attacker can exploit this vulnerability by sending a crafted request to the target server...
Disk Pulse Enterprise GET Buffer Overflow
A buffer overflow vulnerability exists in the web server component of Disk Pulse Enterprise Server. The vulnerability is due to insufficient bounds check. Successful exploitation of the vulnerability may cause code execution under Windows NT AUTHORITYSYSTEM account...
EMC VMAX3 VASA Provider UploadConfigurator Directory Traversal (CVE-2017-4997)
A directory traversal vulnerability exists in the EMC VMAX3 VASA Provider Virtual Appliance. The issue results from the servlet UploadConfigurator serving files that have been uploaded by a user. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the...
Microsoft Windows RDP Brute Force Login Attempt
A remote attacker can exploit this vulnerability by using brute force login attempt. Successful exploitation would allow an attacker to gain unauthorized access to the server...