6867 matches found
Microsoft Internet Explorer CVE-2013-3146 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 10 is affected...
Microsoft Internet Explorer CVE-2013-3164 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8 is affected...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3173 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Internet Explorer CVE-2013-3110 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8 and 9 are affecte...
Microsoft Malware Protection Engine CVE-2013-1346 Remote Code Execution Vulnerability
Description Microsoft Malware Protection Engine is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with LocalSystem account privileges. Failed exploit attempts will result in a denial-of-service condition. Microsoft Malware Protection...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-1333 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a buffer-overflow error. A local attacker can exploit this issue to escalate privileges and perform unauthorized actions. Technologies Affected Avaya CallPilot 4.0 Avaya...
Microsoft Internet Explorer CVE-2013-1307 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Publisher CVE-2013-1322 Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft Windows CSRSS CVE-2013-1295 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that exists in the Client/Server Run-time Subsystem CSRSS. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete...
Symantec Encryption Desktop Local Access Elevation of Privilege
SUMMARY Symantec's PGP Desktop and Encryption Desktop system kernel driver is susceptible to a local access integer overflow on all versions of Microsoft Windows operating systems. The driver is also susceptible to a local buffer overflow only on Microsoft Windows XP and Windows Server 2003...
Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Successful exploits may allow an attacker to execute arbitrary code with elevated privileges; this may result in the attacker gaining complete control of the affected system. Technologies Affected...
Microsoft Windows 'Win32k.sys' CVE-2013-1258 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution Vulnerability
Description Microsoft Windows Object Linking and Embedding OLE Automation is prone to a remote code-execution vulnerability due to an integer overflow error. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage or a specially crafted file. Successful...
Symantec Enterprise Security Manager Manager/Agent Local Elevation of Privilege
SUMMARY Symantecs Enterprise Security Manager ESM for Windows has an unquoted search path in the Manager and Agent components. This could allow a non-privileged local user, able to successfully insert arbitrary code in the root path, to potentially execute their code with elevated privileges duri...
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adob...
Microsoft VBScript And JScript Scripting Engines Integer Overflow Code Execution Vulnerability
Description Microsoft VBScript and JScript scripting engines are prone to a remote code-execution vulnerability due to an integer-overflow error. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run wit...
Microsoft Internet Explorer CVE-2012-1872 EUC-JP Character Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Intern...
Microsoft Remote Desktop Protocol CVE-2012-0173 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code with full user-level privileges. This may facilitate a complete system compromise. Failed attacks may cause denial-of-service...
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Windows CVE-2012-0180 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Description The Microsoft Windows DNS Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the DNS server service to stop responding, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Cisco Video Communications Server CVE-2011-2538 Unspecified Remote Command Execution Vulnerability
Description Cisco Video Communications Server is prone to an unspecified remote command-execution vulnerability because it fails to sufficiently validate user-input supplied. An attacker may exploit this issue to execute arbitrary commands within the context of the affected application,this may a...
Microsoft Office Shared Component CVE-2011-1980 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Office is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Libra...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1874) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1887) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Symantec Web Gateway Blind SQL Injection
SUMMARY Symantecs Web Gateway management GUI is susceptible to blind SQL injection which could result in the injection of arbitrary code into the backend database. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway | 4.5.x | Upgrade to Symantec Web Gateway 5.0.1 ISSUE...
Microsoft Excel Insufficient Record Validation CVE-2011-1272 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0662) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1230) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft WordPad Text Converter (CVE-2011-0028) Remote Code Execution Vulnerability
Description Microsoft WordPad is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions. Technologies Affected Avaya...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0675) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Internet Explorer Uninitialized Memory CVE-2010-3326 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Microsoft Internet Explorer Uninitialized Memory CVE-2010-2559 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
JBoss Enterprise Application Platform Multiple Vulnerabilities
Description JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. An attacker can exploit these issues to bypass certain security restrictions to obtain sensitive information or gain...
Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Successful exploits may aid in the compromise of affected...
Microsoft Internet Explorer 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability
Description The Microsoft Office Web Components ActiveX control is prone to a remote stack-based buffer-overflow vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code...
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit...
Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause...
Symantec Brightmail Gateway and Mail Security Appliance Cross-site Scripting and Elevation of Privil
SUMMARY Symantec Brightmail Gateways Control Center is susceptible to cross-site scripting and elevation of privilege vulnerabilities. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec Brightmail Gateway Appliance 8300 | All prior to 8.0.1 | Upgrade to 8.0.1 or later Symantec...
Microsoft Windows Recursive DNS Spoofing Vulnerability
Description Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests. A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing. Technologies Affected Avaya Messaging...
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow
SUMMARY A stack overflow in Symantec Anti-Virus Corporate Editions Internet Email Auto-Protect feature could potentially crash the Internet Email scanning feature. Severity Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED...
AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability
Description AWStats Rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized. An attacker may exploit this condition to execute commands remotely or disclose...
Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability
Description Microsoft ASN.1 handling library has been reported prone to an integer overflow vulnerability that may result in arbitrary heap-based memory corruption. The issue presents itself in the ASN.1 BER decoding/encoding routines. Exploitation of this issue will result in the corruption of...
SEDR Information Disclosure
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....
Data Center Security Privilege Escalation
Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...
Microsoft Windows Search Indexer CVE-2020-0628 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...