16763 matches found
(Pwn2Own) Apple iOS backboardd Double Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the backboardd service...
(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of an...
WECON LeviStudio PLC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
NetGain Systems Enterprise Manager service.service_005ffailures_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Microsoft Windows JavaScript Array Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within jscript9. By...
Microsoft Windows Submenu Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing o...
Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Apple Safari JSString Out-Of-Bounds Access Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Trend Micro Control Manager ProductTree XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Mobile Security for Enterprise save_eas_agent_setting SlinkId SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the easagentregister action. When parsing...
(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCHMI UpdateShapeGeo Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within web server access to the scdefault directory. The issue results from the...
Microsoft Edge XAML File Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XA...
Adobe Acrobat Pro DC ImageConversion EMF Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
Apple OS X IOReportUserClient Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
(Pwn2Own) Apple Safari ProcessingInstruction Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(Pwn2Own) Apple macOS authd Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the authd service. The...
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Arbitrary File Deletion Denial of Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...
Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JPEG2000...
Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Flash AS2 New Opcode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Microsoft Edge JavaScript Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. The specific flaw exists within UrlAccessController. The doFilter method contains multiple ways to bypass authentication if the URI contains...
Trend Micro Deep Discovery Email Inspector reboot_after_hotfix Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within rebootafterhotfix.php. The issue results from...
Brocade Network Advisor CliMonitorReportServlet Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Brocade Network Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CliMonitorReportsServlet servlet. The issue results from the lack ...
Apple OS X AppleGraphicsPowerManagement Null Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
Microsoft Windows Icon File Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file or folder. The specific flaw exists within the...
Adobe Flash Player BitmapData Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Edge CGeolocationManager Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge...
Microsoft Edge InjectHtmlStream Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to corrupt memory on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within InjectHtmlStream. By...
Oracle Java Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to leak arbitrary information on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Panasonic FPWIN Pro GetBlock Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...
Microsoft Internet Explorer AcquireLineBoxBuilderForLayout Null Array Base Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Edge Text Node Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge...
Advantech WebAccess webvrpcs Service BwpAlarm.dll sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11178 IOCTL in the BwpAlarm subsystem. A stack-based buffe...
Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11367 IOCTL in the BwpAlarm subsystem. A heap-based buffer...
(0Day) Advantech WebAccess webvrpcs Service viewdll1.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A heap-based buffe...
(0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EjbObjectInputStream which accepts and deserializes any Java serialized binary stream...
Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...
Microsoft Windows VBScript Replace Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...
Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...
Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PCAPNG...
Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which listens by default on port 4000. By providi...
Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability i...
Microsoft Office Visio UML Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within UML...
Microsoft Internet Explorer CImgTaskSvgDoc Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to cause a use-after-free condition on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...