4985 matches found
VulnCheck KEV: CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site...
VulnCheck KEV: CVE-2016-8870
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting...
VulnCheck KEV: CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code...
VulnCheck KEV: CVE-2016-7255
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
VulnCheck KEV: CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges...
VulnCheck KEV: CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS...
VulnCheck KEV: CVE-2016-7193
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2016-3393
A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system...
VulnCheck KEV: CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...
VulnCheck KEV: CVE-2009-3953
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D U3D support that could lead to remote code execution...
VulnCheck KEV: CVE-2013-5326
Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
VulnCheck KEV: CVE-2014-0160
The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information...
VulnCheck KEV: CVE-2009-3674
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a...
VulnCheck KEV: CVE-2006-3227
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set,...
VulnCheck KEV: CVE-2011-0101
Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."...
VulnCheck KEV: CVE-2014-0564
Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial...
VulnCheck KEV: CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER...
VulnCheck KEV: CVE-2016-6415
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 IKEv1 security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 IKEv1 that could allow an...
VulnCheck KEV: CVE-2016-7089
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN...
VulnCheck KEV: CVE-2014-3393
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.25.51, 8.3 before 8.32.42, 8.4 before 8.47.23, 8.6 before 8.61.14, 9.0 before 9.04.24, 9.1 before 9.15.12, and 9.2 before 9.22.4 does not properly implement authentication, which allows remote...
VulnCheck KEV: CVE-2016-3351
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer...
VulnCheck KEV: CVE-2008-2990
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms comfacileforms component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ffcompath parameter...
VulnCheck KEV: CVE-2016-6195
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...
VulnCheck KEV: CVE-2016-4656
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service DoS via a crafted application...
VulnCheck KEV: CVE-2016-6367
A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...
VulnCheck KEV: CVE-2016-4657
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service DoS via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...
VulnCheck KEV: CVE-2016-6366
A buffer overflow vulnerability in the Simple Network Management Protocol SNMP code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code...
VulnCheck KEV: CVE-2016-4655
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application...
VulnCheck KEV: CVE-2014-4076
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to 1 tcpip.sys or 2 tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."...
VulnCheck KEV: CVE-2009-1123
The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2014-1511
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors...
VulnCheck KEV: CVE-2016-0728
The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...
VulnCheck KEV: CVE-2014-1510
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...
VulnCheck KEV: CVE-2010-0232
The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges...
VulnCheck KEV: CVE-2016-4171
Unspecified vulnerability in Adobe Flash Player allows for remote code execution...
VulnCheck KEV: CVE-2016-0147
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."...
VulnCheck KEV: CVE-2016-15043
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...
VulnCheck KEV: CVE-2016-1409
The Neighbor Discovery ND protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service packet-processing outage via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild...
VulnCheck KEV: CVE-2010-1240
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a...
VulnCheck KEV: CVE-2010-5326
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...
VulnCheck KEV: CVE-2015-6585
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag...
VulnCheck KEV: CVE-2016-0189
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...
VulnCheck KEV: CVE-2016-4117
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2016-3714
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...
VulnCheck KEV: CVE-2016-10995
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...
VulnCheck KEV: CVE-2017-0144
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...
VulnCheck KEV: CVE-2016-0165
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2016-3298
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk...
VulnCheck KEV: CVE-2016-0162
An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer...
VulnCheck KEV: CVE-2016-1019
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code...