293 matches found
SRC-2019-0057 : Artifex MuJS regcompx pattern Integer Overflow Remote Code Execution Vulnerability Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MuPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SRC-2021-0004 : Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers escalate privileges on affected installations of Microsoft Exchange Server. Authentication and user interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with...
SRC-2021-0009 : Smarty Template Engine template_object Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependant and may not be required to exploit this vulnerability. The specific flaw exists within the...
SRC-2021-0014 : Progress MOVEit Transfer (DMZ) SILHuman FolderApplySettingsRecurs SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of MOVEit Transfer. Authentication is required to exploit this vulnerability. The specific flaw exists within the FolderApplySettingsRecurs function of the SILHuman class. The iss...
SRC-2021-0019 : Microsoft SharePoint Server ProfilePropertyLoader Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Microsoft SharePoint Server. Authentication and user interaction is required to exploit this vulnerability. The specific flaw exists within the ProfilePropertyLoader control. The...
SRC-2021-0025 : Foxit Reader Field Format event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges. User interaction is required required to exploit this vulnerability. The specific flaw exists in the oauthauthorize page. The issue results from a missing X-Frame-Options header when performing an authorizati...
SRC-2020-0018 : Adobe Acrobat Reader DC Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...
SRC-2021-0027 : Foxit Reader Field Calculate event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0023 : Microsoft SharePoint Server SoapDataSource GetResponseString Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SoapDataSource class. The issue results from the lack of proper...
SRC-2021-0006 : NetMotion Mobility Server RpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RpcServlet class. The issue results from the lack of...
SRC-2021-0020 : Eclipse PHP Development Tools DBGP XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eclipse PHP Development Tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBG protocol. The issue results from th...
SRC-2017-0028 : Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Java SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2021-0024 : Foxit Reader Field OnFocus event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileStorage class. The issue results from the la...
SRC-2021-0026 : Foxit Reader Field Keystroke event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0008 : NetMotion Mobility Server webrepdb StatusServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StatusServlet class. The issue results from the lack o...
SRC-2021-0015 : zzzcms zzzphp parserIfLabel Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of zzzphp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the search template. The issue results from the lack of...
SRC-2021-0028 : Foxit Reader Field OnBlur event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0034 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
SRC-2020-0010 : Schneider Electric EcoStruxure Operator Terminal Expert Hardcoded Cryptographic Key Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. Local access to project files is required to exploit this vulnerability. The specific flaw exists within the...
SRC-2018-0007 : Beckoff TwinCAT3 Multiple Kernel Drivers Untrusted Pointer Dereference Privilege Escalation Vulnerabilities
Vulnerability Details: This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Beckoff TwinCAT3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
SRC-2020-0028 : Microsoft SharePoint Server PasswordRecovery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the PasswordRecovery class. The issue results from the lack...
SRC-2021-0007 : NetMotion Mobility Server MvcUtil valueStringToObject Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MvcUtil class. The issue results from the lack of prop...
SRC-2019-0053 : Hewlett Packard Enterprise Intelligent Management Center Standard OperatorMgrImpl isAccountBindingWithOperator SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0009 : ATutor LMS password_reminder TOCTOU Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability however authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0045 : Microsoft Internet Explorer HyperlinkString Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0026 : Microsoft Exchange Server NewExchangeCertificate WriteRequest File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2019-0032 : Foxit Reader PDF Printer Request Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2019-0034 : Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TarArchive class. The issue results from the lac...
SRC-2020-0019 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2016-0007 : ATutor LMS searchFriends SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the searchFriends function within the ‘friends.inc.php’ script. An attacker...
SRC-2016-0040 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0022 : Microsoft Office Component FSupportSAEXTChar Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0032 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0001 : Microsoft SharePoint Server ContentEditorWebPart GetHttpWebResponse Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentEditorWebPart class. The issue results from the...
SRC-2019-0060 : Adobe Photoshop CC Type 1 Font FontBBox array Stack Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0083 : Cisco Prime Infrastructure Health Monitor HA TarArchive Command Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TarArchive class. The issue results from the lac...
SRC-2017-0007 : Adobe Acrobat Pro DC ImageConversion EMF parsing EMR_EXTTEXTOUTA Array Indexing Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2021-0016 : Microsoft SharePoint Server InputFormRegularExpressionValidator Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to cause a denial of service on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the InputFormRegularExpressionValidator class. The issue results...
SRC-2019-0044 : Hewlett Packard Intelligent Management Center Standard SmscCfgDaoImpl updateEmailSuffix SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0012 : ATutor LMS confirm ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when updating a members email address. The code uses a loose comparison when comparing the supplied...
SRC-2020-0020 : Microsoft SharePoint Server ExchangeAutodiscover GetDataFromURL Blind Server-Side Request Forgery Tampering Vulnerability
Vulnerability Details: This vulnerability allows remote attackers escalate privileges under certain conditions. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetFreeBusyStatusForOneUser function inside of the AsynchronousWebPartService class. The...
SRC-2020-0013 : Cisco UCS Director MyCallable call Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director and Cisco UCS Director Express for Big Data. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2019-0040 : Cisco Prime Infrastructure DbTableListAction orderByColumn SQL Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the DbTableListAction struts class. The issue...
SRC-2019-0038 : Cisco Prime Infrastructure XmpFileUploadServlet Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the XmpFileUploadServlet servlet. The issue results from...
SRC-2018-0017 : Foxit Reader PDF Parsing U3D Array Indexing Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2019-0078 : Adobe Acrobat Pro DC Type PostScript File Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0061 : Adobe Photoshop CC ASCII85Decode filter Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...