16763 matches found
Eaton ELCSoft Heap Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of EPC...
Oracle Java Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to leak arbitrary information on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x13C71 IOCTL in the BwOpcTool subsystem. A stack-based buff...
Advantech WebAccess datacore Service datacore.exe AlarmMessage sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Kernel subsystem. A stack-based buffer...
Oracle Application Testing Suite Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...
Unitronics VisiLogic OPLC IDE File Parsing Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
SAP 3D Visual Enterprise Viewer 3DM Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
(Pwn2Own) Microsoft Windows TrueType Font Pool Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...
Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability
This vulnerability allows local attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is...
ManageEngine OpManager MultipartRequestServlet fileName Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the multipartRequest servlet. The issue lies in the failure to...
(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability
This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within findOrCreateWrappe...
(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SAP SQL Anywhere .NET Data Provider Malformed Integer Stack Buffer Overflow Code Execution Vulnerability
This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of a malformed integer constant. If an application allows untrusted input to be used in a query, even if the input ...
Microsoft Internet Explorer CSetTimeoutInfo Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Sophos Cyberoam diagnose Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the diagnose...
Advantech WebAccess bwocxrun ActiveX Control Installation Vulnerability
This vulnerability allows remote attackers to install certain ActiveX controls without user interaction on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nam atom in ...
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...
Microsoft Internet Explorer Layout Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One ...
Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component whi...
WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called...
Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program...
Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion an...
Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because Java does not...
Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData...
Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a...
Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color...
Nortel CS1000 Communications Server Remote Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Nortel CS1000 Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process listening on UDP port 5100. When parsing ...
(Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Intern...
Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D componen...
Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
Oracle Business Intelligence emagent.exe nmehl_getURIParams Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence One. Authentication is not required to exploit this vulnerability. The flaw exists within the emagent.exe component which listens by default on TCP port 3938. When...
Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the portion of the server that generates reports. Due to the combination ...
Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application'...
Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability
This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which...
Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the primary...
Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control...