13538 matches found
Trend Micro Control Manager cmdHandlerTVCSCommander SQL Injection (CVE-2017-11383)
An SQL injection vulnerability exists in Trend Micro Control Manager. The vulnerability is due to improper validation of the user supplied input for cmdHandlerTVCSCommander.dll. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server...
Microsoft Internet Explorer Memory Corruption (CVE-2017-8749)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially...
Microsoft Internet Explorer Memory Corruption (CVE-2017-8747)
A memory corruption vulnerability exists in Internet Explorer. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Adobe Flash Player Memory Corruption (APSB17-28: CVE-2017-11281)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted mp4 file...
Microsoft Edge Remote Code Execution (CVE-2017-8757)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page, potentially leading to arbitrary code executed o...
Microsoft Windows PDF Library Remote Code Execution (CVE-2017-8728)
A remote code execution vulnerability exists in Microsoft Windows PDF Library. The vulnerability is due to the way Microsoft Windows PDF Library handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the...
Microsoft Edge Memory Corruption (CVE-2017-8731)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge accesses an object in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Adobe Flash Player Memory Corruption (APSB17-28: CVE-2017-11282)
A memory corruption vulnerability exists in Adobe Flash player. The vulnerability is due to an error in the text handling functionality. A remote attacker can exploit this vulnerability by enticing the user to open a crafted SWF file...
Microsoft Win32k Graphics Remote Code Execution (CVE-2017-8682)
A remote code execution vulnerability exists in Windows font library. The vulnerability is due to the way Windows font library improperly handles specially crafted embedded fonts. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TTF file...
Microsoft .NET Framework Remote Code Execution (CVE-2017-8759)
A remote code execution vulnerability exists in the Microsoft .NET Framework. The vulnerability is due to the way .NET framework parses Web Services. A remote attacker could exploit this vulnerability by sending specially crafted data to the target that uses .NET framework...
Microsoft Browser Memory Corruption (CVE-2017-8750)
A remote code execution vulnerability exists in Microsoft Browser. The vulnerability is due to the way Microsoft Browser renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows PDF Library Remote Code Execution (CVE-2017-8737)
A remote code execution vulnerability exists in Microsoft Windows PDF. The vulnerability is due to the way Microsoft Windows PDF Library handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8753)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way that the Scripting Engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web pag...
Microsoft Edge Memory Corruption (CVE-2017-8734)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge accesses an object in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8738)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Windows GDI Information Disclosure (CVE-2017-0190)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device InterfaceGDIhandles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter passed to the saveSelectedDevices method through a GWT RPC request. A remote, authenticated attacker can exploit this vulnerability by sendi...
Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)
A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in execution of arbitrary code on the affected system...
Apache Struts REST Plugin XStream Deserialization Remote Code Execution (CVE-2017-9805)
A remote code execution vulnerability exists in Apache Struts. This vulnerability is due to the an insecure deserialization. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will allow an attacker to execute arbitrary co...
OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read (CVE-2017-3735)
An out-of-bounds read vulnerability exists in OpenSSL. The vulnerability is due to improper handling of malformed IPAddressFamily extensions within X.509 certificates. A remote attacker could exploit this vulnerability by sending a crafted certificate to a vulnerable server...
Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection (CVE-2017-11385)
A SQL injection vulnerability exists in Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server...
Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure (CVE-2017-9512)
An information disclosure vulnerability exists in Atlassian FishEye and Crucible. The vulnerability is due to a lack of permission check on mostActiveCommitters.do. A remote, unauthenticated attacker can exploit this vulnerability by sending a request to mostActiveCommitters.do...
Symantec Messaging Gateway performRestore Command Injection (CVE-2017-6327)
A command injection vulnerability exists in Symantec Messaging Gateway. The cause of the vulnerability due to combination of an authentication bypass in LoginAction and a lack of sanitization on user input...
Cacti spikekill.php Cross-Site Scripting (CVE-2017-12927)
A reflected cross-site scripting vulnerability exists in Cacti. This vulnerability is due to improper validation of user supplied input within the web user interface when accessing the spikekill.php page...
Microsoft Office Composite Moniker Code Execution (CVE-2017-8570)
A remote code execution vulnerability exists in Microsoft Office. This vulnerability is due to incorrect handling of embedded OLE objects in Office documents. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file...
HPE Intelligent Management Center multiple Expressions Language Injection (CVE-2017-12500; CVE-2017-12526)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of the beanName request parameter on ictExpertDownload.xhtml and on wmiConfigContent.xhtml . A remote, authenticated attacker can exploit this vulnerabilit...
Apache Subversion svn-ssh URL Command Execution (CVE-2017-9800)
A command execution vulnerability exists in Apache Subversion, due to improper processing of svn+ssh:// URLs. A remote attacker could exploit this vulnerability by enticing a user to checkout a malicious repository...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8634)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...
PostgreSQL Database Core Server non-libpq Client Policy Bypass (CVE-2017-7546)
A security policy bypass vulnerability exists in the core server component of the PostgreSQL database server. The vulnerability is due to improper authentication of user accounts with empty passwords for clients that do not use libpq. A remote attacker could send maliciously crafted requests to a...
Firefox PDF.js Javascript Injection (CVE-2015-0802; CVE-2015-0816)
A remote code execution vulnerability exists in Firefox 35-36. The vulnerability is due to a privilege escalation bug in certain resources. A remote attacker can exploit this vulnerability by enticing a victim to view maliciously crafted content...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8657)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-8635)
A memory corruption vulnerability exists in Microsoft Browsers. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Edge EmitAssignment Memory Corruption
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8640)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-8636)
A memory corruption vulnerability exists in Microsoft browser. The vulnerability is due to an error in the way that Microsoft browser accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8656)
An improper initialization of memory vulnerability exists in Chakra, Microsoft Edge's scripting engine. This vulnerability is due to the incorrect initialization of a variable within the DefineUserVars function due to an error in PreVisitCatch.A remote attacker could exploit this vulnerability by...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8671)
An off-by-one vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to the way Microsoft Edge Chakra JavaScript engine renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8670)
A remote code execution Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8645)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8646)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engines render content when handling objects in memory. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted web page, potentiall...
Hangul Word Processor Type Confusion (CVE-2015-6585)
There exists a Type Confusion vulnerability in the Hangul Word Processor HWP. This is due to the way HWP handles Para change requests. A successful attack, such as in the Hidden Cobra Botnet, could lead to arbitrary code execution or stolen information...
Multiple PHP Webservers Ransomware Upload
A file upload vulnerability exists in various PHP webservers. Successful exploitation of this vulnerability could allow a remote attacker to execute PHP Ransomware code on the compromised server. This method is often used by ransomware such as EV, Lalabitch, JapanLocker, CTB-Locker and others...
Microsoft Edge Chakra Eval Integer Overflow (CVE-2017-8641)
An integer overflow vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to an overly large size of the eval function argument. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Foxit Reader PDF Command Injection Remote Code Execution (CVE-2017-10951)
A remote code execution vulnerability has been reported in Foxit Reader. The vulnerability is due improper validation of a string before using it to execute a system call. A remote attacker could exploit this vulnerability by enticing a user to click a maliciously crafted file. Successful...
Foxit Reader PDF Arbitrary File Write Remote Code Execution (CVE-2017-10952)
A remote code execution vulnerability has been reported in Foxit Reader. The vulnerability is due improper data validation which could lead to writing files. A remote attacker could exploit this vulnerability by enticing a user to click a maliciously crafted file. Successful exploitation could le...
Joomla Core SetType Cross-Site Scripting (CVE-2017-9934)
A Cross-Site Scripting vulnerability exists in Joomla Core. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a crafted request to the target...
Microsoft Windows Search Type Confusion (CVE-2017-8620)
A remote code execution vulnerability exists in the Windows Search service of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...
Disdain Exploit Kit Landing Page
Disdain exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
WordPress Plugin Link-Library Authenticated SQL Injection
An SQL injection vulnerability has been reported in WordPress Link-Library Plugin. Successful exploitation of this vulnerability would allow an authenticated remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Plugin I-Recommend-This SQL Injection
An SQL injection vulnerability has been reported in WordPress I-Recommend-This Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...