16763 matches found
(0Day) Advantech WebAccess webvrpcs Service viewdll1.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A heap-based buffe...
Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...
Microsoft Windows VBScript Replace Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...
Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which listens by default on port 4000. By providi...
(0Day) ASUS TM-AC1900 httpd Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ASUS TM-1900. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP header parsing routine. The issue lies in the failure to check the size of...
Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability
This vulnerability allows local attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
(Pwn2Own) Microsoft Windows TrueType Font Pool Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
(0Day) Hewlett-Packard Client Automation Agent Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hewlett-Packard Client Automation agent. An attacker can send...
(Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability
This vulnerability allows attackers to escape the Enhanced Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer CTitleElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader Text Annotations Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
Microsoft Word ptCount Element Uninitialized Memory Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
ManageEngine OpManager MultipartRequestServlet fileName Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the multipartRequest servlet. The issue lies in the failure to...
Microsoft Internet Explorer Layout::FlowBoxBuilder Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Apple Safari Uninitialized Buffer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(Pwn2Own) Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MultipartRequestServlet servlet. The issue lies in the failure to sanitize...
(0Day) WebGate Control Center WESPDiscovery.WESPDiscoveryCtrl.1 TCPDiscovery Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate Control Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteChannel Property Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
VMware Workstation Authorization Service Denial-of-Service Vulnerability
This vulnerability allows remote attackers to cause a denial-of-service on vulnerable installations of VMWare Workstation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VMWare Authorization service, which is listening on port 912. By sending a...
Hewlett-Packard Sprinter TTF16.ocx SwapTables Method Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One...
Advantech WebAccess dvs.ocx SetParameter Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Advantech WebAccess dvs.ocx ServerResponse Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Internet Explorer CDXTFilterNode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOKit. The...
Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nam atom in ...
GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter...
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ISC BIND rdata Denial Of Service Vulnerability
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. The issue...
Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CMMImageLayout...
Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AWT mlib library...
Oracle Java MethodHandle Sandbox Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...
Microsoft Internet Explorer pasteHTML Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library'...
Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecuritycdsaplugin which implements routines defined in libsecuritycssm. The library defin...
Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because Java does not...
Adobe Reader Image Data Buffer Allocation Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image...
(0Day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin and lmgrd components which listen by default on TCP...
Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a...
HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69...
Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of th...
Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user...
Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setOuterText...
Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(0Day) IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing th...
Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
Oracle Business Intelligence emagent.exe nmehl_getURIParams Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence One. Authentication is not required to exploit this vulnerability. The flaw exists within the emagent.exe component which listens by default on TCP port 3938. When...
Trend Micro Control Manager Server-agent Communication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the mrf.exe component composes a string used to display an error...