Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory...
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code...
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allows remote attackers to execute arbitrary code via a crafted OLE object...
Zabbix Frontend Authentication Bypass Vulnerability
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...
Zabbix Frontend Improper Access Control Vulnerability
Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend...
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...
WinRAR Absolute Path Traversal Vulnerability
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution...
PHPUnit Command Injection Vulnerability
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution...
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution...
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution...
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"...
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability...
Apple iOS, iPadOS, and macOS WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...
Microsoft Windows SAM Local Privilege Escalation Vulnerability
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file, which would allow any user to escalate privileges to SYSTEM level...
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file...
Apache ActiveMQ Improper Input Validation Vulnerability
The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office...
D-Link DIR-645 Router Remote Code Execution Vulnerability
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface...
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges...
Apache Struts 1 Improper Input Validation Vulnerability
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory...
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution...
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client...
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
A code execution vulnerability exists in the Stapler web framework used by Jenkins...
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution...
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which also affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
Apple Memory Corruption Vulnerability
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges...
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution...
Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
Intel products contain a vulnerability which can allow attackers to perform privilege escalation...
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges...
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code...
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS)...
SolarWinds Serv-U Improper Input Validation Vulnerability
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...
Apache Struts 2 Improper Input Validation Vulnerability
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges...
October CMS Improper Authentication
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...
F5 BIG-IP Traffic Management Microkernel Buffer Overflow
The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls...
Oracle Business Intelligence Enterprise Edition Path Traversal
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...
Aviatrix Controller Unrestricted Upload of File
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...
Microsoft Exchange Server Information Disclosure
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target...
System Information Library for Node.JS Command Injection
In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote...