6867 matches found
SA97 : Malware Analysis Appliance VM Escape
SUMMARY The Malware Analysis Appliance MAA is vulnerable to a virtual machine escape where a sample being analyzed could change content and destination path of files being saved on the hosts file system during analysis. Correct manipulation of the path and content could lead to code execution or...
Microsoft Internet Explorer CVE-2015-1742 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2015-1747 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2015-1711 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft .NET Framework CVE-2015-1672 Remote Denial of Service Vulnerability
Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to degrade the performance of a .NET-enabled website, causing a denial-of-service condition. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilo...
Microsoft XML Core Services CVE-2015-1646 Same Origin Policy Security Bypass Vulnerability
Description Microsoft XML Core Services is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the same-origin policy and perform unauthorized actions. This could be used to steal sensitive information or launch other attacks. Technologies Affected Avaya CallPil...
Microsoft SharePoint CVE-2015-1636 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Internet Explorer XSS Filter CVE-2014-6365 Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...
Microsoft Windows Graphics Component CVE-2014-6355 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Avaya Aura Conferencing 6.0.0 Standard Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Ava...
Microsoft Internet Explorer CVE-2014-6376 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability
Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Office Bad Index CVE-2014-6334 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Internet Explorer CVE-2014-6341 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
Description Adobe Flash Player and AIR are prone to an unspecified memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Microsoft Internet Explorer CVE-2014-6344 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability
Description Adobe Flash Player and AIR are prone to an unspecified integer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Microsoft Internet Explorer CVE-2014-4051 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft Windows Installer Service CVE-2014-1814 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya...
Microsoft Internet Explorer CVE-2014-1776 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2014-0325 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing...
Microsoft Internet Explorer CVE-2014-0321 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6...
Microsoft Silverlight CVE-2013-3896 Information Disclosure Vulnerability
Description Microsoft Silverlight is prone to an information-disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow attackers to gain access to potentially sensitive information that may aid in furthe...
Microsoft Internet Explorer CVE-2013-3873 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability because of a use-after-free error. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft...
Microsoft SharePoint CVE-2013-3180 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft OneNote CVE-2013-0086 Information Disclosure Vulnerability
Description Microsoft OneNote is prone to an information-disclosure vulnerability. An attacker can exploit this issue to disclose sensitive information such as the username and password of configured accounts. Information obtained may aid in further attacks. Technologies Affected Microsoft OneNot...
Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft PowerPoint CVE-2011-3396 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft PowerPoint is prone to vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link...
Microsoft Windows Kernel '.fon' Font File Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malformed file on a remote network share. Successful exploits can allow attackers to execute arbitrary code with kernel-level...
Microsoft Visio CVE-2011-1972 Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1875) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0677) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Symantec Web Gateway Blind SQL Injection
SUMMARY Symantecs Web Gateway management GUI is susceptible to a blind SQL injection attack which could result in injection of arbitrary code into the backend database. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway | 4.5 | Apply DB update 4.5.0.376 ISSUES Severit...
Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft PowerPoint 'PP7X32.DLL' (CVE-2010-2572) Remote Heap-Based Buffer Overflow Vulnerability
Description Microsoft PowerPoint is prone to a remote heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. Technologies...
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
Description Adobe Reader is prone to a remote memory-corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Adobe Reader versions...
Adobe Flash Player CVE-2010-3648 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This iss...
Microsoft Windows Media Player CVE-2010-2745 Remote Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted media content. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute...
Microsoft Internet Explorer Uninitialized Memory CVE-2010-3331 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Microsoft Windows Media Service Transport Information Packet Stack Buffer Overflow Vulnerability
Description Microsoft Windows Media Service is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected...
Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability
Description Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment JRE. Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. Versions prior to Java 5.0 Update...
Microsoft Windows Hyper-V CVE-2020-0617 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Oracle Hospitality Suites Management CVE-2020-2697 Local Security Vulnerability
Description Oracle Hospitality Suites Management is prone to a local security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Request Tracker' package is affected. This vulnerability affects the following supported versions: 3.7, 3.8 Technologies Affected Oracle...
Oracle MySQL Server CVE-2020-2580 Remote Security Vulnerability
Description Oracle MySQL Server is prone to a remote security vulnerability in 'Server: DDL' component. The vulnerability can be exploited over the 'MySQL' protocol. This vulnerability affects the following supported versions: 8.0.17 and prior Technologies Affected Oracle MySQL Server 8.0.11 Orac...
Oracle E-Business Suite CVE-2020-2666 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Applications Framework' product. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Attachments / File Upload' component is affected. This vulnerability affects the following supported...
Microsoft Windows Win32k CVE-2020-0608 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
IBM Spectrum Scale CVE-2019-4558 Local Privilege Escalation Vulnerability
Description IBM Spectrum Scale is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain root privileges. The following IBM products are affected: IBM Spectrum Scale versions 5.0.0.0 through 5.0.3.2 and 4.2.0.0 through 4.2.3.17 are vulnerable. IBM Elastic...
SQLite CVE-2019-19880 Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Xen CVE-2019-19580 Incomplete Fix Local Privilege Escalation Vulnerability
Description Xen is prone to a local privilege-escalation vulnerability. Local attacker can exploit this issue to gain elevated privileges on affected computers. Xen version 4.12.x and prior are vulnerable. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR...