16763 matches found
Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla...
SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value...
Novell ZENworks Desktop Management Installation Service Remote Information Disclosure Vulnerability
This vulnerability allows remote attackers to impersonate valid users in vulnerable installations of Novell ZENworks Desktop Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to an information leak when querying the AWSI service which listens b...
Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...
Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT...
Adobe Acrobat getIcon() Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript...
Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects...
Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of th...
Panda Software AdminSecure Agent Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panda AdminSecure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AdminSecure agent which binds by default to TCP port 19226 or 19227. When processi...
Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the DFS RPC interface. When parsing a request to DFSEnum, heap allocation ...
Samba lsa_io_trans_names Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to...
Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CS...
Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .PPT file. The specific flaw exists during the parsing of a malformed slide notes field within the...
Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache ActiveMQ broker, which listens on TCP port 61616 b...
X.Org Server DeepCopyPointerClasses Out-Of-Bounds Access Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Button...
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of prop...
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF vide...
Microsoft Office Word FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
(Pwn2Own) HP Color LaserJet Pro M479fdw msws Server-Side Request Forgery Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msws service. The issue results from the lack of...
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Apple macOS AudioToolbox CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...
Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) VMware Workstation UHCI Component Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UHCI...
Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSSXmlUrlResolver class. The issue results from the lack of proper validati...
X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of overlay...
Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of embedd...
Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...
Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OfficeConnect 1820 switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within the defaultpasswordcfg.lua endpoint. The...
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
(0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PDF-XChange Editor saveAs Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs...
(Pwn2Own) Microsoft Windows partmgr Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within partmgr.sys. The...
Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatche...
SAP 3D Visual Enterprise Viewer JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler...
Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...
(Pwn2Own) Cisco RV340 upload.cgi sessionid Improper Input Validation Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the sessionid parameter provided to the upload.cgi endpoint...
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of...
Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...
Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle VirtualBox TFTP Server Directory Traversal Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...
TeamViewer Improper Validation of Array Index Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer...