4985 matches found
VulnCheck KEV: CVE-2013-3906
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
VulnCheck KEV: CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...
VulnCheck KEV: CVE-2013-6129
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...
VulnCheck KEV: CVE-2013-3897
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code...
VulnCheck KEV: CVE-2013-5576
administrator/components/commedia/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing...
VulnCheck KEV: CVE-2012-1856
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted 1 document or 2 web page that triggers system-state corruption...
VulnCheck KEV: CVE-2013-3893
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
VulnCheck KEV: CVE-2013-1690
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service DoS or possibly execute malicious code via a crafted web site...
VulnCheck KEV: CVE-2013-7372
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4...
VulnCheck KEV: CVE-2013-4854
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query...
VulnCheck KEV: CVE-2013-4878
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...
VulnCheck KEV: CVE-2013-0156
activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...
VulnCheck KEV: CVE-2013-2423
Unspecified vulnerability in hotspot for Java Runtime Environment JRE allows remote attackers to affect integrity...
VulnCheck KEV: CVE-2012-0518
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors...
VulnCheck KEV: CVE-2013-2094
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...
VulnCheck KEV: CVE-2013-1389
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors...
VulnCheck KEV: CVE-2013-3336
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors...
VulnCheck KEV: CVE-2013-1347
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer...
VulnCheck KEV: CVE-2013-1289
Cross-site scripting XSS vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."...
VulnCheck KEV: CVE-2018-11654
Information disclosure in Netwave IP camera at getstatus.cgi via HTTP on port 8000 allows an unauthenticated attacker to exfiltrate sensitive information from the device...
VulnCheck KEV: CVE-2012-3174
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the...
VulnCheck KEV: CVE-2007-0671
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a...
VulnCheck KEV: CVE-2009-3957
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service NULL pointer dereference via unspecified vectors...
VulnCheck KEV: CVE-2013-0431
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle allows remote attackers to bypass the Java security sandbox...
VulnCheck KEV: CVE-2009-0563
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field...
VulnCheck KEV: CVE-2013-0158
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown...
VulnCheck KEV: CVE-2012-1723
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot...
VulnCheck KEV: CVE-2017-16959
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...
VulnCheck KEV: CVE-2013-1493
The color management CMM functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service crash via an image with crafted raster parameters,...
VulnCheck KEV: CVE-2013-0648
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content...
VulnCheck KEV: CVE-2013-0643
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content...
VulnCheck KEV: CVE-2013-0707
Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file...
VulnCheck KEV: CVE-2012-5671
Heap-based buffer overflow in the dkimeximquerydnstxt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and aclsmtpconnect and aclsmtprcpt are not set to "warn control = dkimdisableverify," allows remote attackers to execute arbitrary code via an email from a...
VulnCheck KEV: CVE-2021-23562
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...
VulnCheck KEV: CVE-2013-0641
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2013-0640
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution...
VulnCheck KEV: CVE-2012-4167
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR...
VulnCheck KEV: CVE-2012-5054
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...
VulnCheck KEV: CVE-2012-1682
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has...
VulnCheck KEV: CVE-2013-0633
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary...
VulnCheck KEV: CVE-2013-0634
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a...
VulnCheck KEV: CVE-2013-0632
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access...
VulnCheck KEV: CVE-2013-0422
A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system...
VulnCheck KEV: CVE-2013-0631
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server...
VulnCheck KEV: CVE-2013-0625
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access...
VulnCheck KEV: CVE-2013-0629
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories...
VulnCheck KEV: CVE-2012-6498
Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012...
VulnCheck KEV: CVE-2012-6467
Opera before 12.10 follows Internet shortcuts that are referenced by a 1 IMG element or 2 other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...
VulnCheck KEV: CVE-2012-4792
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that 1 was not properly allocated or 2 is deleted, as demonstrated by a CDwnBindInfo object...