13538 matches found
Crypttech CryptoLog Remote Code Execution
A sql injection vulnerability and a command injection vulnerability exist in Crypttech CryptoLog. The vulnerability is due to insufficient input validation in the application. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code in the context o...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)
An information disclosure vulnerability exists in the SMBv1 component of Microsoft Windows SMB server. The vulnerability is due to improper handling of SMBv1 requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMBv1 messages to a target server...
HPE Intelligent Management Center RMI Registry Insecure Deserialization (CVE-2017-5792)
An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by RMI Registry while having vulnerable classes in the code path. A remote, unauthenticated attacker can exploit this vulnerability by...
Mantis Bug Tracker verify.php confirm_hash Remote Password Reset (CVE-2017-7615)
A remote password reset vulnerability exists in Mantis Bug Tracker. The vulnerability is due to a lack of input validation on the confirmhash parameter when verifying password reset requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to th...
Terror Exploit Kit URL Pattern
Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...
Magento Vimeo Invalid Image Cross Site Request Forgery
A cross-site request forgery vulnerability exists in Magento. The vulnerability is due to insufficient CSRF protections, that enables an attacker to upload arbitrary files including PHP files to a target server. A remote attacker can exploit this vulnerability by enticing a target authenticated...
Microsoft Windows DoublePulsar SMB Remote Code Execution
A remote code execution vulnerability exist in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Oracle MySQL sql_authentication Integer Overflow (CVE-2017-3599)
A vulnerability exist in Oracle MySQL. The vulnerability is due to an integer overflow in the Pluggable Authentication module of MySQL. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the vulnerable server. Successful exploitation could result in...
Network Time Protocol Daemon peer xmit mode Denial of Service (CVE-2017-6464)
A denial of service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to a lack of input validation on the mode parameter in peerxmit when configuring ntp servers. A remote, authenticated attacker can exploit this vulnerability by sending a crafted packet to...
Dovecot SASL Authentication Component Denial of Service (CVE-2016-8652)
A denial of service vulnerability exists in the SASL authentication component of Dovecot server. The vulnerability is due to improper handling of username when processing SASL authentication if auth-policy component has been activated. A remote attacker could exploit this vulnerability by sending...
Serviio Media Server Remote Code Execution
A code execution vulnerability exists in Serviio Media Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple Safari WebKit JSString Use After Free Code Execution (CVE-2017-2491)
Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...
Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3045)
An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is caused due to insufficient bounds check in JPEG 2000 parser. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3074)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
HPE Intelligent Management Center CommonUtils ZIP Directory Traversal (CVE-2017-5793)
A directory traversal vulnerability exist in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on uploaded ZIP files handled by the CommonUtils class. A remote attacker can exploit this vulnerability by sending an HTTP request containing a...
HPE Intelligent Management Center accessMgrServlet Insecure Deserialization (CVE-2017-5790)
An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by the accessMgrServlet while having vulnerable classes in the code path. A remote, unauthenticated attacker can exploit this vulnerabili...
Microsoft Office Multiple Remote Code Execution (CVE-2017-0261)
A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...
Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)
A directory traversal vulnerability has been reported in Oracle Fusion Middleware MapViewer. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploaderServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HT...
Serviio Media Server Cross-Site Scripting
A cross-site scripting vulnerability exists in Serviio Media Server. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Microsoft Office EPS Remote Code Execution (CVE-2017-0262)
A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...
Microsoft Windows COM Elevation of Privilege (CVE-2017-0214)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way Windows validate input before loading type libraries. A remote attacker can exploit this vulnerability to execute arbitrary code...
Intel AMT Framework Unauthorized Admin Entry (CVE-2017-5689)
An unauthorized admin entry vulnerability exists within Intel AMT services. The vulnerability exists because of a mishandling of admin password request. A successful attack can give remote access to the administrator account...
Check-Host Website Monitoring Service
Check-Host is a web service for checking the availability of hosts, DNS records, and IP addresses from different locations. It may be used to gather information on target servers as a preliminary stage before launching an attack...
Adobe Flash Player Use After Free Code Execution (APSB17-15: CVE-2017-3071)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0228)
A memory corruption vulnerability exists in Microsoft Browsers. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Malware Protection Engine Type Confusion Remote Code Execution (CVE-2017-0290)
A type confusion vulnerability exists in Microsoft Malware Protection Engine. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code...
Microsoft Office Remote Code Execution (CVE-2017-0243)
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3073)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3072)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3069)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Windows COM Elevation of Privilege (CVE-2017-0213)
An elevation of privilege exists in Windows COM Aggregate Marshaler. The vulnerability is due to improper handling of certain objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges...
Microsoft Windows DNS Server Denial of Service (CVE-2017-0171)
A denial of service vulnerability exists in Windows DNS servers. This vulnerability is due to a mishandling of malformed packets by the DNS servers. An attacker can exploit this vulnerability by sending a malformed packet to a Windows DNS server...
Microsoft Edge Memory Corruption (CVE-2017-0240)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft scripting engines handle objects in memory. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the rights of the current user...
Microsoft Edge Memory Corruption (CVE-2017-0227)
A type confusion memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3068)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted FLV file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted FLV file...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3070)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0259)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the Windows kernel improperly initializing objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0236)
A memory corruption vulnerability exists in Microsoft Edge. The Vulnerability is due to the JScript and VBScript engines improperly handling objects in memory in. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the same rights as the...
Microsoft Win32k Information Disclosure (CVE-2017-0245)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the win32k component improperly providing kernel information. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0234)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Win32k Elevation of Privilege (CVE-2017-0246)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation...
Microsoft Win32k Information Disclosure (CVE-2017-0077)
A null pointer dereference vulnerability exists within the DDI of Windows. The vulnerability is due to the failure of Windows kernel-mode driver to properly handle objects in memory. A remote unauthenticated attacker can exploit this vulnerability by running a specially crafted application...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0238)
A heap buffer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Internet Explorer Security Feature Bypass (CVE-2017-0064)
A security feature bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the mixed content warning security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected versi...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0258)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...
Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)
A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...
Microsoft Edge Remote Code Execution (CVE-2017-0266)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way affected Microsoft scripting engines render when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Edge Memory Corruption (CVE-2017-0221)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling of objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge allowing...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0220)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...
Microsoft Windows Kernel Information Disclosure (CVE-2017-0175)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...