6867 matches found
Microsoft SharePoint CVE-2013-0083 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability
Description Microsoft SharePoint is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied data. A remote attacker could exploit this vulnerability using directory-traversal strings such as '../' to obtain sensitive information or elevate their...
Microsoft Internet Explorer CVE-2013-0094 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2013-0087 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows 'Win32k.sys' CVE-2013-1262 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1250 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1268 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
MantisBT CVE-2013-1934 HTML Injection Vulnerability
Description MantisBT is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied data. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Microsoft Windows TrueType Font CVE-2012-4786 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft...
Microsoft Internet Explorer CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Microsoft Internet Explorer CVE-2012-1873 Null Byte Handling Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 8 Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1523 Center Element Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Symantec pcAnywhere awhost32 Denial of Service
SUMMARY A Denial of Service DoS exploit has been publicly released that can temporarily crash the awhost32 service for Symantec pcAnywhere. AFFECTED PRODUCTS Product | Version | Build | Solution ---|---|---|--- | | | Symantec pcAnywhere | 12.5.x | All | Upgrade to the latest release of pcAnywhere...
Microsoft Visio Viewer VSD File Format CVE-2012-0137 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Windows ClickOnce Application Installer Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malformed file. Successful exploits can allow attackers to execute arbitrary code within the privileges of the user running the...
Microsoft Active Directory LDAPS Authentication Bypass Vulnerability
Description Microsoft Active Directory is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions by using a revoked certificate. Technologies Affected Avaya Aura Conferencing 6.0 Standard Avaya CallPilot 4.0 Avaya CallPilot 5.0...
Microsoft Internet Explorer 'SwapNode()' CVE-2011-2000 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...
Microsoft Internet Explorer Option Element CVE-2011-1996 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1888) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Microsoft Internet Explorer Link Properties Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected...
Microsoft PowerPoint (CVE-2011-1269) Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious PowerPoint file. Successful exploits will result in the execution of arbitrary code with the privileges of the user running the...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1231) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0086) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Microsoft Internet Explorer CVE-2010-3342 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities
Description Microsoft Office is prone to multiple remote buffer-overflow vulnerabilities because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues by enticing an unsuspecting user into opening an Office document containing a special...
Microsoft Word Return Value Handling (CVE-2010-3215) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows Failover Clustering File Permissions Security Bypass Vulnerability
Description Microsoft Windows Failover Clustering is prone to a security-bypass vulnerability. Local attackers can exploit this issue to perform unauthorized actions against the administrative shares on the failover cluster disk. Technologies Affected Microsoft Windows Server 2008 R2 Itanium...
Microsoft Excel Record Format Parsing (CVE-2010-3232) Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Outlook 'Online Mode' Remote Heap Buffer Overflow Vulnerability
Description Microsoft Outlook is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied data. Attackers can exploit this issue by enticing an unsuspecting user to preview or view a crafted email message. Successfully exploiting this issue wi...
Microsoft Windows ICMPv6 Route Information Remote Code Execution Vulnerability
Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will...
Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
Description Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC10.Spreadsheet ActiveX control. The control is identified by the following CLSIDs: 0002E541-0000-0000-C000-000000000046 0002E559-0000-0000-C000-000000000046 An attacker could exploit...
Symantec Products Update Vulnerable Autonomy KeyView Module
SUMMARY Symantec products that ship and use a third-party Autonomy KeyView module have updated the module to address a buffer overflow vulnerability reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security for Domino |...
Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM Pragmatic General Multicast network traffic. Attackers can exploit this issue to cause affected computers to stop responding until all the malformed packe...
Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability
Description Rising Web Scan Object 'OL2005.dll' ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code on a victim's computer in the context of the vulnerable application using the ActiveX control typically Internet Explorer...
Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
Description Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...
Adobe Acrobat Mailto PDF File Command Execution Vulnerability
Description Adobe Acrobat is prone to a command-execution vulnerability when handling malicious PDF files. Remote attackers can exploit this issue to compromise affected computers.. The vendor reports that this issue can be exploited only through Internet Explorer 7 installed on Microsoft Windows...
Symantec Discovery Insecure File Permissions
SUMMARY Insecure default directory and file permissions may allow local users to gain escalated privileges. Severity Low Remote Access | Local network access required ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Affected Products Produ...
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
Description Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability. Successfully exploiting these issu...
Microsoft Outlook Web Access Remote Script Injection Vulnerability
Description Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments. To exploit this issue, attackers must send specially crafted files through email messages to users of the affected applicatio...
Microsoft PowerPoint Object Pointer Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...
Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to the handling of certain HTML tags. Attackers could exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. They could also use HT...
Microsoft Windows MSDTC Memory Corruption Vulnerability
Description The Microsoft Windows MSDTC Microsoft Distribution Transaction Coordinator service is prone to a memory corruption vulnerability. This issue could allow for execution of arbitrary code in the context of the service. The vulnerability may be remotely exploitable in some circumstances,...
Microsoft Excel XLM Macro Security Level Bypass Vulnerability
Description A vulnerability has been reported to affect Microsoft Excel that could be exploited by an attacker to execute an XLM macro regardless of the macro security level. The issue has been reported to present itself due to a failure by Excel to sufficiently scan a malicious spreadsheet file...
InterSystems Cache Insecure Default Permissions Vulnerability
Description It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities for local attackers to obtain root...
Oracle Database Server cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Database Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over 'OracleNet' protocol. The 'Database Gateway for ODBC' component is affected. These vulnerabilities affect the following supported versions: 11.2.0.4, 12.1.0.2,...
Microsoft Windows Subsystem for Linux CVE-2020-0636 Local Privilege Escalation Vulnerability
Description Microsoft Windows Subsystem for Linux is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based...
Cisco UCS Director CVE-2019-16003 Information Disclosure Vulnerability
Description Cisco UCS Director is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvr00602. Technologies Affected Cisco UCS Director 4.0.0.0 Cisco UC...
Cisco Crosswork Change Automation CVE-2019-16024 Cross Site Scripting Vulnerability
Description Cisco Crosswork Change Automation is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...