16763 matches found
Apple OS X IOPMrootDomain Memory Corruption Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOPMrootDomain. By...
(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw th...
(Pwn2Own) Microsoft Exchange Server Autodiscover Server Side Request Forgery Authentication Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation...
Adobe Acrobat Pro DC ImageConversion PCX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
(0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Hewlett-Packard Data Protector Backup Client Service Opcode 45 and 46 Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on TCP port 5555...
Trend Micro Control Manager TMCM_MembershipProvider ValidateUser Password Hash Usage Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of challenges for authentication. The implementation of the...
(0Day) Belkin NetCam SetSmartDevURL Server-Side Request Forgery Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin NetCam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the Wemo SetSmartDevURL API. A crafted request can trigger...
Novell NetIQ Access Manager OspUIBasicSSODownload Servlet fileInfo1 Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadBasicSSOServlet servlet. When parsing the fileInfo1...
Dahua Technology IP Camera Predictable Password Algorithm Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability. The specific flaw exists within the disaster recovery password functionality. If the device uses its defaul...
(0Day) Belkin Wemo Link and Smart Plug UPNP changeFriendlyName Buffer Overflow Denial of Service Vulnerability
This vulnerability allows attackers on the local network to create a denial-of-service condition on the Belkin Wemo Link and Smart Plug device, despite factory resets. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML parsing in the...
Trend Micro Control Manager AdHocQuery_Processor ProductLogQuery SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Oracle VirtualBox crUnpackPolygonStipple Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_contentOnly Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...
(0Day) Belkin Wemo Link syseventd Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin Wemo Link. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syseventd daemon, which listens on TCP port 52367 by default. The issue results...
Oracle VirtualBox crServerDispatchDeleteProgramsARB Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle WebLogic Remote Diagnosis Server. The specific flaw exists within the Remote Diagnosis Assistant, which listens on TCP port 8888 when enabled. The issue results from unrestricted access to th...
(0Day) ZyXEL P-870H-51 DSL Router Multiple Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by...
Hewlett Packard Enterprise Intelligent Management Center RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the euplat RMI registry. The issue results fr...
Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center Smart Connect with Wireless Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crUnpackTexGendv Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Wecon LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...
Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman.exe. The issue results from the lack of...
Wecon LeviStudioU MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Trend Micro Control Manager CCGIServlet ID_QUERY_COMMAND_TRACKING_USER_ID SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...
Oracle WebLogic Remote Diagnosis Assistant rda_tfa_hrs Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of the...
Trend Micro Control Manager GetRuleList SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the GetRuleLis...
Oracle VirtualBox crServerDispatchDeleteTextures Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Trend Micro Control Manager TopSensitiveMachines SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Trend Micro Control Manager TemplateMatchByChannel SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Trend Micro Control Manager TopViolatorsByTemplate SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of the...
Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Trend Micro Control Manager sCloudService GetProductServerType SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Oracle VirtualBox crStatePixelMapuiv Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crServerDispatchCallLists Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Trend Micro Control Manager AdHocQuery_Processor External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Control Manager AntiVirusSummary SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Hewlett Packard Enterprise Intelligent Management Center redirectviewer Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Trend Micro Control Manager GetChannelList SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Wecon LeviStudioU General FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Trend Micro Control Manager ComponentCompliance SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Dell EMC Storage Manager EmConfigMigration Servlet Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Dell EMC Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmConfigMigration servlet, which listens on TCP port 3033 by...
Trend Micro Control Manager NetworkVirusSummary SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Trend Micro Control Manager SpywareSummary SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Trend Micro Control Manager DLPIncidentJobWidget SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Trend Micro Control Manager PolicyResult SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PolicyResu...
Wecon LeviStudioU General WriteAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...