Lucene search
+L
ZdiMost viewed

16763 matches found

zdi
zdi
•added 2018/10/11 12:0 a.m.•37 views

Foxit Reader templates Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8CVSS1.9AI score0.03918EPSS
Exploits0References1
zdi
zdi
•added 2018/10/10 12:0 a.m.•37 views

Microsoft Internet Explorer WebCrypto importKey Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5CVSS1.1AI score0.13131EPSS
Exploits0References1
zdi
zdi
•added 2018/09/24 12:0 a.m.•37 views

Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of pro...

6.8CVSS2.3AI score0.02168EPSS
Exploits0References1
zdi
zdi
•added 2018/09/21 12:0 a.m.•37 views

Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.1CVSS5.2AI score0.02015EPSS
Exploits0References1
zdi
zdi
•added 2018/08/14 12:0 a.m.•37 views

Crestron Multiple Products CTP Console FPUTFILE Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FPUTFILE command of the CTP console. The issue results from the...

9.3CVSS2.8AI score0.07577EPSS
Exploits0References1
zdi
zdi
•added 2018/07/26 12:0 a.m.•37 views

(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

4.7CVSS2.2AI score0.00462EPSS
Exploits1References1
zdi
zdi
•added 2018/07/12 12:0 a.m.•37 views

(Pwn2Own) Microsoft Edge WebGL ImageData Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5CVSS0.8AI score0.06141EPSS
Exploits0References1
zdi
zdi
•added 2018/05/18 12:0 a.m.•37 views

Advantech WebAccess Node controlNode bnid SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

4CVSS1.8AI score0.01659EPSS
Exploits0References1
zdi
zdi
•added 2018/05/18 12:0 a.m.•37 views

Advantech WebAccess Node bwview Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwview.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process...

9.3CVSS3.6AI score0.03842EPSS
Exploits0References1
zdi
zdi
•added 2018/05/04 12:0 a.m.•37 views

Trend Micro Encryption for Email Gateway Registration Authentication Bypass Vulnerability

This vulnerability allows remote attackers to reset the Administrator password on vulnerable installations of Trend Micro Encryption for Email Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the product registration process. T...

10CVSS1.5AI score0.10565EPSS
Exploits5References1
zdi
zdi
•added 2018/04/20 12:0 a.m.•37 views

Foxit Reader XFA Button execEvent Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent...

6.8CVSS2.5AI score0.03226EPSS
Exploits0References1
zdi
zdi
•added 2018/03/19 12:0 a.m.•37 views

Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.1CVSS3AI score0.15875EPSS
Exploits0References1
zdi
zdi
•added 2018/02/27 12:0 a.m.•37 views

Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the...

9.3CVSS2.3AI score0.01379EPSS
Exploits0References1
zdi
zdi
•added 2018/02/21 12:0 a.m.•37 views

Adobe Acrobat Pro DC XFA picture Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

6.8CVSS2.2AI score0.13751EPSS
Exploits0References1
zdi
zdi
•added 2018/01/05 12:0 a.m.•37 views

Advantech WebAccess BWSCADASoap Login Method SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Advantech WebAccess. The specific flaw exists within processing of the Login method of the BWSCADASoap entry point. When parsing the ProjectName and Username elements, the process does not properly...

6.8CVSS9.5AI score0.06009EPSS
Exploits4References1
zdi
zdi
•added 2017/12/20 12:0 a.m.•37 views

QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the USERNAME parameter provided to the changepassword.cgi endpoint. The issue...

10CVSS2.8AI score0.03284EPSS
Exploits1References1
zdi
zdi
•added 2017/12/20 12:0 a.m.•37 views

Adobe Flash NetworkConfiguration addCustomHeader Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS2.1AI score0.06216EPSS
Exploits0References1
zdi
zdi
•added 2017/12/15 12:0 a.m.•37 views

Quest NetVault Backup Server Process Manager Service NVBUBackup JobList Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the...

7.5CVSS1.3AI score0.03933EPSS
Exploits0
zdi
zdi
•added 2017/12/15 12:0 a.m.•37 views

Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus Acknowledge Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results...

7.5CVSS2.1AI score0.10001EPSS
Exploits5
zdi
zdi
•added 2017/12/06 12:0 a.m.•37 views

Cisco WebEx ARF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

6.8CVSS6.5AI score0.0298EPSS
Exploits0References1
zdi
zdi
•added 2017/12/06 12:0 a.m.•37 views

Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

6.8CVSS6.3AI score0.0298EPSS
Exploits0References1
zdi
zdi
•added 2017/11/21 12:0 a.m.•37 views

Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS1.3AI score0.06867EPSS
Exploits0References1
zdi
zdi
•added 2017/11/20 12:0 a.m.•37 views

Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS3AI score0.09825EPSS
Exploits0References1
zdi
zdi
•added 2017/11/14 12:0 a.m.•37 views

Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS8AI score0.0672EPSS
Exploits0References1
zdi
zdi
•added 2017/11/14 12:0 a.m.•37 views

Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS8AI score0.0672EPSS
Exploits0References1
zdi
zdi
•added 2017/11/14 12:0 a.m.•37 views

Foxit Reader XFA picture Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture element...

6.8CVSS8.7AI score0.0259EPSS
Exploits0References1
zdi
zdi
•added 2017/10/10 12:0 a.m.•37 views

Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

2.6CVSS2AI score0.17147EPSS
Exploits0References1
zdi
zdi
•added 2017/09/28 12:0 a.m.•37 views

(0Day) EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. Wh...

9CVSS4.6AI score
Exploits0References2
zdi
zdi
•added 2017/09/26 12:0 a.m.•37 views

Apple Safari RegExp replace Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS1.9AI score0.01603EPSS
Exploits1References1
zdi
zdi
•added 2017/09/22 12:0 a.m.•37 views

Trend Micro Control Manager CCGIServlet ThreatSentToWatchlistResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

6CVSS8AI score
Exploits0References1
zdi
zdi
•added 2017/09/15 12:0 a.m.•37 views

Trend Micro Mobile Security for Enterprise assign_policy Id SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the assignpolicy action. When parsing the...

9CVSS4.9AI score0.50166EPSS
Exploits0References1
zdi
zdi
•added 2017/09/15 12:0 a.m.•37 views

Trend Micro Mobile Security for Enterprise notify_groups_to_scan DeviceGroupId SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the notifygroupstoscan action. When parsing t...

9CVSS4.9AI score0.50166EPSS
Exploits0References1
zdi
zdi
•added 2017/09/15 12:0 a.m.•37 views

Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.5CVSS7.9AI score0.08716EPSS
Exploits0References1
zdi
zdi
•added 2017/08/17 12:0 a.m.•37 views

Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

6.2CVSS3.7AI score0.00344EPSS
Exploits0
zdi
zdi
•added 2017/08/08 12:0 a.m.•37 views

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

6.8CVSS4.5AI score0.07742EPSS
Exploits0References1
zdi
zdi
•added 2017/08/08 12:0 a.m.•37 views

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.8CVSS5.5AI score0.14416EPSS
Exploits0References1
zdi
zdi
•added 2017/08/08 12:0 a.m.•37 views

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS2.3AI score0.07594EPSS
Exploits2References1
zdi
zdi
•added 2017/08/01 12:0 a.m.•37 views

Dell EMC VNX Monitoring and Reporting Scheduler Static Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9CVSS9.6AI score0.14024EPSS
Exploits0References1
zdi
zdi
•added 2017/07/11 12:0 a.m.•37 views

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.8CVSS5.5AI score0.20498EPSS
Exploits0References1
zdi
zdi
•added 2017/07/10 12:0 a.m.•37 views

(Pwn2Own) Microsoft Windows basicrender WarpKMEscape Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

2.1CVSS7.1AI score0.033EPSS
Exploits0References1
zdi
zdi
•added 2017/07/07 12:0 a.m.•37 views

Foxit Reader setItem Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem functio...

6.8CVSS2.1AI score0.0259EPSS
Exploits0References1
zdi
zdi
•added 2017/06/21 12:0 a.m.•37 views

Microsoft Internet Explorer Array.splice Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS3.6AI score0.73289EPSS
Exploits4References1
zdi
zdi
•added 2017/06/21 12:0 a.m.•37 views

(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER RotateFromCenter Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

6.8CVSS7.1AI score
Exploits0References1
zdi
zdi
•added 2017/05/18 12:0 a.m.•37 views

(Pwn2Own) Apple macOS WindowServer Dragging Space Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WindowServer. The...

4.4CVSS4.8AI score0.01169EPSS
Exploits0References1
zdi
zdi
•added 2017/05/10 12:0 a.m.•37 views

(Pwn2Own) Microsoft Edge WriteClassesOfCategory DLL Planting Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the AppContainer sandbox on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.2CVSS3.1AI score0.0308EPSS
Exploits0References1
zdi
zdi
•added 2017/04/21 12:0 a.m.•37 views

Foxit Reader scroll Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the scroll method...

6.8CVSS7AI score
Exploits0References1
zdi
zdi
•added 2017/04/21 12:0 a.m.•37 views

Foxit Reader importAnXFDF Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDF...

6.8CVSS7AI score
Exploits0References1
zdi
zdi
•added 2017/03/31 12:0 a.m.•37 views

Apple iOS legacy-diagnostics Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must connect to a WiFi access point. The specific flaw exists within the usage of the legacy-diagnostics protoc...

4.4CVSS2.6AI score0.0131EPSS
Exploits0References1
zdi
zdi
•added 2017/03/30 12:0 a.m.•37 views

Trend Micro InterScan Web Security Virtual Appliance PacFileManagement delete_pac_files Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete operation of the PacFileManagement servlet...

9CVSS5.7AI score
Exploits0References1
zdi
zdi
•added 2017/03/29 12:0 a.m.•37 views

Trend Micro InterScan Web Security Virtual Appliance ReportHandler DoCmd Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ReportHandler's DoCmd method. A crafted cmd parameter...

9CVSS5.3AI score
Exploits0References1
Total number of security vulnerabilities5000