4985 matches found
VulnCheck KEV: CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...
VulnCheck KEV: CVE-2013-1331
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document...
VulnCheck KEV: CVE-2011-2005
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2012-3347
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...
VulnCheck KEV: CVE-2010-2493
The default configuration of the deployment descriptor aka web.xml in picketlink-sts.war in 1 the securitysaml quickstart, 2 the webserviceproxysecurity quickstart, 3 the web-console application, 4 the http-invoker application, 5 the gpd-deployer application, 6 the jbpm-console...
VulnCheck KEV: CVE-2013-4810
HP ProCurve Manager PCM, PCM+, Identity Driven Manager IDM, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet...
VulnCheck KEV: CVE-2011-2908
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests...
VulnCheck KEV: CVE-2015-5188
Cross-site request forgery CSRF vulnerability in the Web Console web-console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make...
VulnCheck KEV: CVE-2010-1428
Unauthenticated access to the JBoss Application Server Web Console /web-console is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information...
VulnCheck KEV: CVE-2015-1805
The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly...
VulnCheck KEV: CVE-2016-0021
Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."...
VulnCheck KEV: CVE-2016-1010
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code...
VulnCheck KEV: CVE-2014-7247
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file...
VulnCheck KEV: CVE-2016-0167
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application...
VulnCheck KEV: CVE-2011-1255
The Timed Interactive Multimedia Extensions aka HTML+TIME implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted,...
VulnCheck KEV: CVE-2013-5990
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with...
VulnCheck KEV: CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web...
VulnCheck KEV: CVE-2010-2572
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution...
VulnCheck KEV: CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the MageAdminhtmlBlockWidgetGrid class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularityfieldexpr parameter when the...
VulnCheck KEV: CVE-2015-1398
Multiple directory traversal vulnerabilities in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via 1 .. dot dot sequences in the PATHINFO to index.php or 2 vectors involving a block value...
VulnCheck KEV: CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the...
VulnCheck KEV: CVE-2016-0984
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code...
VulnCheck KEV: CVE-2015-8651
Integer overflow in Adobe Flash Player allows attackers to execute code...
VulnCheck KEV: CVE-2015-7756
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b,...
VulnCheck KEV: CVE-2015-7755
Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device...
VulnCheck KEV: CVE-2015-8446
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
VulnCheck KEV: CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...
VulnCheck KEV: CVE-2015-6175
The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2016-0034
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service DoS...
VulnCheck KEV: CVE-2015-3090
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a...
VulnCheck KEV: CVE-2015-0359
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346...
VulnCheck KEV: CVE-2015-0003
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service...
VulnCheck KEV: CVE-2015-7858
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297...
VulnCheck KEV: CVE-2015-4902
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment...
VulnCheck KEV: CVE-2015-7645
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file...
VulnCheck KEV: CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
VulnCheck KEV: CVE-2015-2545
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image...
VulnCheck KEV: CVE-2015-2546
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
VulnCheck KEV: CVE-2015-2502
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service DoS...
VulnCheck KEV: CVE-2015-1769
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links...
VulnCheck KEV: CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method...
VulnCheck KEV: CVE-2015-4495
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges...
VulnCheck KEV: CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via TKEY queries...
VulnCheck KEV: CVE-2015-2419
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...
VulnCheck KEV: CVE-2014-0497
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code...
VulnCheck KEV: CVE-2015-0349
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and...
VulnCheck KEV: CVE-2014-3153
The futexrequeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges...
VulnCheck KEV: CVE-2015-2590
An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2023-26609
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...