4985 matches found
VulnCheck KEV: CVE-2012-3213
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting...
VulnCheck KEV: CVE-2015-2387
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2015-5119
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2015-5123
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service DoS...
VulnCheck KEV: CVE-2015-2426
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts...
VulnCheck KEV: CVE-2015-5122
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service DoS...
VulnCheck KEV: CVE-2015-2425
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...
VulnCheck KEV: CVE-2015-2424
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document...
VulnCheck KEV: CVE-2015-3133
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a...
VulnCheck KEV: CVE-2015-3113
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code...
VulnCheck KEV: CVE-2015-3105
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and...
VulnCheck KEV: CVE-2015-9480
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...
VulnCheck KEV: CVE-2015-2360
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service DoS...
VulnCheck KEV: CVE-2015-0336
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334...
VulnCheck KEV: CVE-2008-1244
cgi-bin/setupdns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns11, dns12, dns13, and dns14 parameters. NOTE: it was later reported...
VulnCheck KEV: CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution...
VulnCheck KEV: CVE-2015-2945
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...
VulnCheck KEV: CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload = v9.22.0...
VulnCheck KEV: CVE-2014-8361
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request...
VulnCheck KEV: CVE-2015-1701
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges...
VulnCheck KEV: CVE-2015-1641
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user...
VulnCheck KEV: CVE-2015-3043
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2015-0666
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager DCNM allows remote attackers to read arbitrary files...
VulnCheck KEV: CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0...
VulnCheck KEV: CVE-2015-0072
Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...
VulnCheck KEV: CVE-2015-1642
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document...
VulnCheck KEV: CVE-2014-0311
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305...
VulnCheck KEV: CVE-2014-6332
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site...
VulnCheck KEV: CVE-2013-2551
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object...
VulnCheck KEV: CVE-2015-1494
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting XSS attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...
VulnCheck KEV: CVE-2015-0071
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization ASLR protection mechanism via a crafted web site...
VulnCheck KEV: CVE-2012-0159
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before...
VulnCheck KEV: CVE-2013-3894
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font...
VulnCheck KEV: CVE-2015-0311
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code...
VulnCheck KEV: CVE-2015-0310
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization ASLR protection mechanism...
VulnCheck KEV: CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code...
VulnCheck KEV: CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy TSWbPrxy component in Microsoft Windows allows remote attackers to escalate privileges...
VulnCheck KEV: CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges...
VulnCheck KEV: CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/...
VulnCheck KEV: CVE-2014-9735
The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an...
VulnCheck KEV: CVE-2014-0751
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This...
VulnCheck KEV: CVE-2014-9163
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely...
VulnCheck KEV: CVE-2015-9499
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...
VulnCheck KEV: CVE-2014-6324
The Kerberos Key Distribution Center KDC in Microsoft allows remote authenticated domain users to obtain domain administrator privileges...
VulnCheck KEV: CVE-2014-4077
Microsoft Input Method Editor IME Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default with the default set as disabled. IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE IME for Japanese is installed which...
VulnCheck KEV: CVE-2013-3163
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website...
VulnCheck KEV: CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK &...
VulnCheck KEV: CVE-2014-6352
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object...
VulnCheck KEV: CVE-2014-4123
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...
VulnCheck KEV: CVE-2014-4148
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts...