293 matches found
SRC-2019-0039 : Cisco Prime Infrastructure SampleFileDownloadServlet Directory Traversal Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the SampleFileDownloadServlet servlet. The issue...
SRC-2020-0033 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2018-0029 : Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
SRC-2019-0056 : Hewlett Packard Enterprise Intelligent Management Center imcrs ConfFileResource renameFile Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0000 : ATutor LMS login_functions.inc.php Password Hash Usage Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of ATutor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of challenges for authentication. The implementation of th...
SRC-2020-0031 : Microsoft Exchange Server EWS RouteComplaint ParseComplaintData XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of RouteComplaint SOAP requests to the EWS service...
SRC-2019-0014 : Oracle Application Testing Suite UploadServlet External Entity Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. Due to the...
SRC-2016-0042 : Microsoft Office Word OneTableDocumentStream Integer Underflow Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2017-0021 : Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0024 : Oracle Knowledge Management Castor Library XML External Entity Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TestClient.jsp script using the...
SRC-2019-0079 : Adobe Acrobat Pro DC Type PostScript File Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0022 : Adobe Acrobat Pro DC Distiller DCTDecode JPEG parsing SOS Marker Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0005 : Foxit Reader SDK ActiveX Pro createDataObject File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0013 : Windows Jet Database Engine TblPage CreateColumns Out-Of-Bounds Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
SRC-2019-0015 : Oracle Application Testing Suite ActionServlet processFileUpload Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required to exploit this vulnerability. The specific flaw exists within the ActionServlet servlet's processFileUpload...
SRC-2018-0027 : Foxit Reader DataView Uninitialized Object Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2017-0005 : Nitro PDF Pro Doc.saveAs and App.launchURL Remote Code Execution Vulnerabilities
Vulnerability Details: These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Nitro PDF Reader and Nitro PDF Reader Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil...
SRC-2017-0002 : Adobe Acrobat Pro DC ImageConversion TIFF Parsing Use-After-Free Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0035 : Microsoft Internet Explorer HyperlinkString Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...
SRC-2020-0007 : Cisco Data Center Network Manager SystemFileDAO deleteFile Directory Traversal Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2019-0064 : Adobe Photoshop CC Type 2 Font Charstring error Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0059 : Adobe Photoshop CC Type 1 Font FontInfo dictionary Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0067 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0075 : Adobe Acrobat Pro DC Type 2 Charstring put Integer Overflow Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0021 : Adobe Acrobat Pro DC Distiller PostScript File Parsing Use-After-free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0042 : Hewlett Packard Enterprise Intelligent Management Center ForwardRedirect Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0038 : Microsoft Office Excel EOF Record Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0021 : Microsoft Office Excel BIFFRecord Length Out-of-Bounds Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0023 : Adobe Acrobat Pro DC Distiller PostScript File Parsing dvips TeXDict Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2018-0022 : Adobe Acrobat Pro DC HTML2PDF HTML Parsing window getMatchedCSSRules Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0046 : Hewlett Packard Intelligent Management Center Standard AirWaveApConvergedDaoImpl readListBySql SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2021-0003 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
SRC-2020-0021 : Microsoft SharePoint Server SPHashtagHelper MakeOLSGetRequest Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers disclose information and/or escalate privileges under certain conditions. Authentication is required to exploit this vulnerability. The specific flaw exists within the CallOLS function inside of the SPHashtagStoreManager class. The...
SRC-2019-0080 : Adobe Acrobat Pro DC Type PostScript File Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0035 : Cisco Prime Infrastructure XmpLogFilesDownloadServlet Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the XmpLogFilesDownloadServlet servlet. The issue result...
SRC-2019-0008 : Foxit Reader SDK ActiveX Link Launch Action Command Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0047 : Hewlett Packard Intelligent Management Center Standard DhcpServerDaoImpl queryServerByIp SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2018-0024 : Adobe Flash Player SWF Parsing Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0016 : Adobe Acrobat Pro DC Distiller PostScript File Parsing TBuildCharDict grestore Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2017-0006 : Adobe Digital Editions ePub Container File External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...
SRC-2016-0043 : Microsoft Office Word Array Indexing Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0036 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0039 : Microsoft Windows PDF Library PostScript Calculator Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of the Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...
SRC-2017-0013 : Hewlett Packard Enterprise Intelligent Management Center eventInfo_content Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2020-0029 : Microsoft SharePoint Server DataFormParameter ParameterBinding Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers escalate privileges on affected installations of Microsoft SharePoint Server when form based authentication is enabled. Authentication is required to exploit this vulnerability. The specific flaw exists within the Evaluate function...
SRC-2019-0062 : Adobe Photoshop CC ASCII85Decode filter Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0076 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0041 : Cisco Prime Infrastructure DbTableListDetailAction orderByColumn SQL Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the DbTableListDetailAction struts class. The...
SRC-2017-0003 : Adobe Acrobat Pro DC ImageConversion EMF Parsing iType Out-Of-Bounds Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2017-0001 : Adobe Digital Editions JPEG2000 Parsing Array Indexing Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...