16763 matches found
HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The...
Adobe Shockwave iml32.dll DEMX Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML...
IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBa...
IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function...
IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within BB...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile optio...
Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the...
Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handl...
Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apple QuickTime STTS atom Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...
Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of t...
Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on T...
Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remo...
Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC...
Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Hewlett-Packard Network Node Manager OVutil.dll Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the ovutil.dll component which is loaded by the webserver listeni...
Apple Quicktime Sorenson Video Codec Decoding Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way...
Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid iCount POST...
HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge...
Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the gp.ocx ActiveX control. Th...
Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious presentation. The specific flaw exists in the handling of...
Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the parsi...
Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists in the parsing of long file:// URL arguments to...
Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application...
Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. Exploitation requires that the attacker coerce the target into opening a malicious .PPT file. The specific flaw exists in the parsing of the OutlineTextRefAtom 3998. By...
Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mod...
Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when processing malicious javascript contained in a PDF document. When creating a Collab...
Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted...
Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability
This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the...
Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qt...
Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack...
Microsoft Internet Explorer Element Tags Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects...
Hewlett-Packard OpenView Radia Integration Server File System Exposure Vulnerability
This vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP...
Novell Client NWSPOOL.DLL Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through...
Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX...
Mozilla Firefox Javascript navigator Object Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists when assigning specific values to the...
Mozilla Firefox Tag Parsing Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The...
Autodesk AutoCAD IGS File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IG...
(Pwn2Own) Microsoft Windows UnserializePropertySet Privilege Context Switching Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation o...