SRC-2017-0021 : Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0012 : Hewlett Packard Enterprise Intelligent Management Center devGroupSelect Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0015 : Hewlett Packard Enterprise Intelligent Management Center faultInfo_content Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0011 : Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0013 : Hewlett Packard Enterprise Intelligent Management Center eventInfo_content Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0014 : Hewlett Packard Enterprise Intelligent Management Center faultDevParasSet Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0018 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload SyslogIctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0017 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload IctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0020 : Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0023 : Hewlett Packard Enterprise Intelligent Management Center mibWidgetService Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0009 : Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0016 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload FaultIctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0022 : Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0023 : Foxit Reader ConvertToPDF TIF SamplesPerPixel Parsing Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2016-0020 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0014 : ATutor LMS zip Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0018 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0017 : ATutor LMS view_item File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0015 : ATutor LMS write_temp_file File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0019 : ATutor LMS get_course_icon File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0009 : ATutor LMS password_reminder TOCTOU Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0008 : ATutor LMS confirm ‘SELECT’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when performing an automated login. The code uses a loose comparison when comparing the supplied...
SRC-2016-0010 : ATutor LMS question_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0013 : ATutor LMS ims_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0011 : ATutor LMS import_test Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0002 : ATutor LMS Multiple Reflected Cross Site Scripting Vulnerabilities
Vulnerability Details: A total of 704 reflected Cross Site Scripting (XSS) vulnerabilities were found that can allow remote attackers to inject arbitrary web script or HTML via unspecified parameters against vulnerable installations of ATutor. User interaction is required to exploit this...
SRC-2016-0007 : ATutor LMS searchFriends SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the searchFriends function within the ‘friends.inc.php’ script. An attacker...
SRC-2016-0004 : ATutor LMS SocialGroups search SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0006 : ATutor LMS updateAdditionalInformation SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0003 : ATutor LMS PhotoAlbum search SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0012 : ATutor LMS confirm ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when updating a member's email address. The code uses a loose comparison when comparing the supplied...
SRC-2016-0016 : ATutor LMS password_reminder ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘passwordreminder.php’ script when performing a password reset. The code uses a loose comparison when comparing the...
SRC-2016-0005 : ATutor LMS searchMembers SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0001 : ATutor LMS install_modules CSRF Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. User interaction is required to exploit this vulnerability in that a target administrator must visit a malicious page. The specific flaw exists when sending data to t...
SRC-2016-0000 : ATutor LMS login_functions.inc.php Password Hash Usage Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of ATutor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of challenges for authentication. The implementation of th...
SRC-2016-0021 : Microsoft Office Excel BIFFRecord Length Out-of-Bounds Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0035 : Microsoft Internet Explorer HyperlinkString Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...
SRC-2016-0022 : Microsoft Office Component FSupportSAEXTChar Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2015-0001 : Microsoft Windows Journal Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
SRC-2016-0025 : Oracle Knowledge Management Forum Attachment Upload Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability. The infocenter forum application allows remote attackers to write arbitrary files...
SRC-2016-0024 : Oracle Knowledge Management Castor Library XML External Entity Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TestClient.jsp script using the...
SRC-2015-0003 : Oracle Endeca Tools and Frameworks AMF Request Beanshell Script Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...
SRC-2015-0002 : Oracle Endeca Tools and Frameworks Session Generation Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle Endeca Tools and Frameworks. Authentication is not required to exploit this vulnerability. The specific flaw exists when parsing the auth parameter. The service generates...