6867 matches found
Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability because it fails to properly validate the signature of a specially crafted XML file. Attackers can exploit this issue to bypass XML digital signature validation and spoof XML content by conducting man-in-the-middle...
Microsoft Internet Explorer CVE-2013-1310 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft SharePoint CVE-2013-1289 HTML Injection Vulnerability
Description Microsoft SharePoint is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication...
Microsoft Internet Explorer CVE-2013-0089 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows CVE-2013-1287 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Symantec Ghost Solution Suite Memory Corruption
SUMMARY Symantecs Ghost Solution Suite is susceptible to memory corruption issues that could result in an application denial of service or possibly arbitrary code execution. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Ghost Solution Suite | 2.x | Upgrade to the latest...
Microsoft Internet Explorer CVE-2012-1881 'OnRowsInserted' Event Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Internet Explorer Uninitalized Object CVE-2011-1993 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1881) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Microsoft Excel WriteAV Memory Corruption CVE-2011-1278 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Adobe Acrobat and Reader CVE-2011-2096 Remote Heap Buffer Overflow Vulnerability
Description Adobe Acrobat and Reader are prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to 10.1 are affected. Technologies...
Adobe Flash Player CVE-2011-0619 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1238) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1242) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0090) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Microsoft Internet Explorer CVE-2010-3348 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Excel Out of Bounds Array (CVE-2010-3236) Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Word Index Value Handling (CVE-2010-2750) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler Service. A remote attacker can exploit this issue to execute code with SYSTEM-level privileges. Local attackers able to submit print jobs can exploit this issue to gain elevated...
Microsoft Excel CVE-2010-1251 Record Parsing Stack Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Symantec Altiris Deployment Solution dbmanager Denial of Service
SUMMARY Symantecs Altiris Deployment Solution is susceptible to a denial of service which can temporarily halt deployment solution activity. An attacker would need to be on the network segment to effectively implement the denial of service. AFFECTED PRODUCTS Product | Version | Build | Solutions...
Multi-Vendor Autonomy KeyView Filter Module OLE Document Processing Overflow
SUMMARY Symantec products that ship a third-party Autonomy KeyView filter have updated the module to address a vulnerability in the processing of specifically crafted OLE documents reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symante...
Microsoft GDI+ Malformed Office BMP File Integer Overflow Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes BMP files in Microsoft Office documents. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user...
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...
Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
Description Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects...
Symantec Reporting Server Improper URL Handling Exposure
SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...
Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM NT LAN Manager credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...
Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability
Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM Active Directory Application Mode, and AD LDS Active Directory Lightweight Directory Service fail to handle specially crafted Lightweight Directory Access Protocol LDAP...
Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer...
Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
Description A local privilege-escalation vulnerability affects Microsoft Windows 2000. This vulnerability affects the Windows kernel; local attackers may exploit it to completely compromise an affected computer. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000...
Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain. Attackers could exploit this issue to gain access to sensitive information that is...
Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
Description It has been reported that the H.323 filter used by Microsoft ISA Server 2000 is prone to a remote buffer overflow vulnerability. The condition presents itself due to insufficient boundary checks performed by the Microsoft Firewall Service on specially crafted H.323 traffic. Successful...
Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerability
Description A problem has been identified in the handling of some types of requests by ActiveX controls installed with Yahoo! Messenger, exposing a remotely exploitable buffer overrun. Because of this, it may be possible for an attacker to execute arbitrary code on a vulnerable host. Technologies...
Oracle Application Testing Suite CVE-2020-2673 Remote Security Vulnerability
Description Oracle Application Testing Suite is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Oracle Flow Builder' component is affected. This vulnerability affects the following supported versions: 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0...
Oracle Identity Manager CVE-2020-2728 Remote Security Vulnerability
Description Oracle Identity Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'OIM - LDAP user and role Synch' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0 Technologies Affected...
Cisco Webex Centers CVE-2020-3116 Denial of Service Vulnerability
Description Cisco Webex Centers is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvr16379, CSCvr16383 and CSCvr16386. Technologies Affected Cisco WebEx Event Center Cisco WebEx...
MyBB CVE-2019-20225 Open Redirection Vulnerability
Description MyBB is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks...
Advantech DiagAnywhere CVE-2019-18257 Multiple Stack Buffer Overflow Vulnerabilities
...
McAfee TechCheck for Windows CVE-2019-3667 DLL Loading Arbitrary Code Execution Vulnerability
Description McAfee TechCheck is prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. McAfee TechCheck versions 3.0.0.17 an...
Intel SCS Platform Discovery Utility CVE-2019-14605 Local Privilege Escalation Vulnerability
Description Intel SCS Platform Discovery Utility is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Intel SCS Platform Discovery Utility Recommendations Permit local access for trusted individuals only...
Microsoft Windows GDI Component CVE-2019-1467 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Multiple Trend Micro Products CVE-2019-18190 Arbitrary Code Execution Vulnerability
Description Multiple Trend Micro Products are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to crash the affected application or execute arbitrary code in the context of the affected application. Technologies Affected Trend Micro Antivirus+ Security 16.0...
IBM API Connect CVE-2019-4444 Local Information Disclosure Vulnerability
Description IBM API Connect is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 2018.4.1.0 through 2018.4.1.7 are vulnerable. Technologies Affected IBM API Connect 2018.4.1 IB...
ABB Relion 650 and 670 Series CVE-2019-18247 Denial Of Service Vulnerability
Description ABB Relion 650 and 670 Series are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a device to reboot, denying service to legitimate users. The following versions of ABB Relion series are vulnerable: ABB Relion 650 series versions 1.3.0.5 and prior...
Xen CVE-2019-19579 Incomplete Fix Local Privilege Escalation Vulnerability
Description Xen is prone to a local privilege-escalation vulnerability. Local attacker can exploit this issue to gain elevated privileges on affected computers. Technologies Affected Xen Xen 3.0.2 Xen Xen 3.0.3 Xen Xen 3.0.4 Xen Xen 3.1 Xen Xen 3.1.3 Xen Xen 3.1.4 Xen Xen 3.2.0 Xen Xen 3.2.1 Xen...