4985 matches found
VulnCheck KEV: CVE-2014-4113
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2014-8439
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution...
VulnCheck KEV: CVE-2014-4114
A vulnerability exists in Windows Object Linking & Embedding OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...
VulnCheck KEV: CVE-2014-7169
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...
VulnCheck KEV: CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code...
VulnCheck KEV: CVE-2017-6360
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...
VulnCheck KEV: CVE-2017-6361
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors...
VulnCheck KEV: CVE-2014-0324
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312...
VulnCheck KEV: CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php...
VulnCheck KEV: CVE-2015-1579
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734...
VulnCheck KEV: CVE-2014-0546
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...
VulnCheck KEV: CVE-2014-2817
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...
VulnCheck KEV: CVE-2013-3346
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service...
VulnCheck KEV: CVE-2013-2729
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code...
VulnCheck KEV: CVE-2013-3900
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...
VulnCheck KEV: CVE-2019-25141
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...
VulnCheck KEV: CVE-2013-5015
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute...
VulnCheck KEV: CVE-2013-5014
The management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external...
VulnCheck KEV: CVE-2012-2539
Microsoft Word allows attackers to execute remote code or cause a denial-of-service DoS via crafted RTF data...
VulnCheck KEV: CVE-2013-0074
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application...
VulnCheck KEV: CVE-2014-1809
The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."...
VulnCheck KEV: CVE-2014-1812
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate...
VulnCheck KEV: CVE-2014-1815
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than...
VulnCheck KEV: CVE-2014-1807
The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows...
VulnCheck KEV: CVE-2009-4140
Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users...
VulnCheck KEV: CVE-2014-0515
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014...
VulnCheck KEV: CVE-2014-1776
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...
VulnCheck KEV: CVE-2014-1761
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution...
VulnCheck KEV: CVE-2013-2465
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D...
VulnCheck KEV: CVE-2014-0266
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers...
VulnCheck KEV: CVE-2013-7331
An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications...
VulnCheck KEV: CVE-2014-0502
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code...
VulnCheck KEV: CVE-2014-0322
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code...
VulnCheck KEV: CVE-2014-6293
SQL injection vulnerability in the Statistics kestats extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014...
VulnCheck KEV: CVE-2014-0295
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...
VulnCheck KEV: CVE-2013-5330
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or...
VulnCheck KEV: CVE-2014-0253
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or...
VulnCheck KEV: CVE-2013-1904
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the value parameter for the genericmessagefooter setting in a save-perf action to index.php, as...
VulnCheck KEV: CVE-2012-0773
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers...
VulnCheck KEV: CVE-2013-7246
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014...
VulnCheck KEV: CVE-2012-2520
Cross-site scripting XSS vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office...
VulnCheck KEV: CVE-2013-5211
The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013...
VulnCheck KEV: CVE-2013-7102
Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable...
VulnCheck KEV: CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
VulnCheck KEV: CVE-2013-5331
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary...
VulnCheck KEV: CVE-2013-5057
hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in...
VulnCheck KEV: CVE-2013-5054
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."...
VulnCheck KEV: CVE-2013-5065
Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges...
VulnCheck KEV: CVE-2013-6282
The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation...
VulnCheck KEV: CVE-2013-3918
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote...