6867 matches found
Microsoft Remote Desktop Session Host CVE-2015-2472 Spoofing Vulnerability
Description Microsoft Remote Desktop Session Host is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Attackers can exploit this issue to spoof and impersonate a legitimate user. Other attacks are also possible. Technologies Affected Microsoft SQL Server 200...
Microsoft Internet Explorer CVE-2015-2450 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Remote Desktop Protocol DLL Loading CVE-2015-2473 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Internet Explorer CVE-2015-2447 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Office CVE-2015-2415 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Internet Explorer CVE-2015-2406 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2015-2390 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Excel DLL Loading CVE-2015-2378 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Excel...
Symantec Endpoint Protection Manager and Client Issues
SUMMARY Symantec Endpoint Protection SEP 12.1.6 addresses vulnerabilities that were found in prior releases. These include an authorized but less-privileged administrator able to attempt a blind SQL injection in the SEP Manager SEPM console through PHP prepared statements; a local Denial of Servi...
Microsoft Windows Kernel 'Win32k.sys' CVE-2015-1727 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8 for 32-bit...
Microsoft Exchange Server CVE-2015-1771 Cross Site Request Forgery Vulnerability
Description Microsoft Exchange Server is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Technologies Affected Microsoft Exchange...
Microsoft Windows Station CVE-2015-1723 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and corrupt kernel memory. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for...
Microsoft Internet Explorer CVE-2015-1714 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows Journal File Processing CVE-2015-1698 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsof...
Microsoft Windows Task Scheduler CVE-2015-0098 Remote Privilege Escalation Vulnerability
Description Microsoft Windows Kernel is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the System account. Technologies Affected Avaya Meeting Exchange - Client Registration Server 5.0 Avaya Meeting Exchan...
Microsoft SharePoint CVE-2015-1640 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows Kernel Mode Driver CVE-2015-0077 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information such as kernel memory contents. This may aid in launching further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1...
Microsoft Excel CVE-2015-0063 Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Excel 2007 SP3 Microsoft...
Microsoft Exchange Server CVE-2014-6336 Tokens Validation URI Redirection Vulnerability
Description Microsoft Exchange Server is prone to a URI-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid ...
Microsoft Internet Explorer CVE-2014-6348 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Office Double Delete CVE-2014-6333 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Lync Server CVE-2014-4071 Remote Denial of Service Vulnerability
Description Microsoft Lync Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition. Technologies Affected Microsoft Lync Server 2013 Recommendations Block extern...
Microsoft .NET Framework CVE-2014-4062 ASLR Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya Conferencing Standard Editio...
Microsoft Internet Explorer CVE-2014-4058 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft Windows Remote Procedure Call CVE-2014-0316 ASLR Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass Address Space Layout Randomization ASLR protection mechanisms and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya...
Microsoft Internet Explorer CVE-2014-2818 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft Internet Explorer CVE-2014-1805 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet explorer ...
Microsoft Office Word File Processing CVE-2014-2778 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Internet Explorer CVE-2014-2777 Remote Privilege Escalation Vulnerability
Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Internet Explorer 8, 9, 10, and 11 are vulnerable. Technologies Affected Avaya Aura...
Microsoft Internet Explorer CVE-2014-1815 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet explorer 6, 7, 8, 9, 10, and 11 are...
Microsoft Publisher CVE-2014-1759 Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may result in a denial-of-service condition. Technologies Affect...
Microsoft Internet Explorer CVE-2014-0306 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6...
Microsoft Windows Local Procedure Call CVE-2013-3878 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the Local Procedure Call LPC component. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will result in the complete compromise of...
Microsoft Internet Explorer CVE-2013-5052 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing...
Symantec Management Platform Agent Static Service Key
SUMMARY The Symantec Management Platform agent and task agent installs a registry service key that is used to retrieve software packages from package servers. The registry key is locally accessible and can potentially be extracted and decrypted by an authorized local user using a static key commo...
Microsoft Excel CVE-2013-3889 Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Excel 2007 SP3 Microsoft...
Microsoft Internet Explorer CVE-2013-3202 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 10 is affected...
Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
Description Microsoft Office is prone to a local privilege-escalation vulnerability that exists in the Pinyin Input Method Editor IME. A local attacker can exploit this issue to execute arbitrary code with system-level privileges, resulting in a complete compromise of the affected computer...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3866 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...
Microsoft .NET Framework CVE-2013-3133 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...
Microsoft Windows TrueType Font CVE-2013-3129 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel-mode. Failed attempts will cause a denial-of-service condition. The attacker can also exploit this issue through Microsoft Silverlight,...
Microsoft .NET Framework CVE-2013-3134 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Technologies Affected...
Microsoft Internet Explorer CVE-2013-3144 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8, 9, and 10 are...
Symantec Endpoint Protection Manager/Protection Center 12.x Buffer Overflow
SUMMARY A dynamic link library dll in the Symantec Endpoint Protection Manager SEPM 12.1.x server and Symantec Protection Center SPC 12.0.x Small Business Edition server does not properly validate all external input. This could potentially result in a buffer overflow and remote code execution wit...
Microsoft Windows Print Spooler Service CVE-2013-1339 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the Print Spooler Service. A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers...
Microsoft Windows Essentials CVE-2013-0096 URI Handling Information Disclosure Vulnerability
Description Microsoft Windows Essentials is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows Essentials 2011 Microsoft Windows Essentials 2012 Recommendations...
Microsoft Windows CVE-2013-1293 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and run arbitrary code in kernel mode. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Conferencing 6.0.0 Standard Ava...
Microsoft Internet Explorer CVE-2013-0090 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft SharePoint CVE-2013-0085 Denial of Service Vulnerability
Description Microsoft SharePoint is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive, denying service to legitimate users. Technologies Affected Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Server 2010...
Microsoft Windows 'Win32k.sys' CVE-2013-1259 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...