16763 matches found
Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to tamper with the web interface of affected installations of Trend Micro InterScan Web Security Virtual Appliance. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Apple macOS AudioToolboxCore AIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache Solr application. When parsing t...
(Pwn2Own) Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of...
Trend Micro InterScan Web Security Virtual Appliance Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the LogSettingHandler class. When parsing the mountdevi...
Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. The specific flaw exists within the Apache Solr application. The issue results from the lack of proper implementation of authentication. An attack...
Adobe Premiere Rush MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Rush. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Premiere Pro MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Audition MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
Adobe Character Animator EPS BoundingBox Element Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of...
(0Day) Microsoft Windows WLAN Connection Profile Missing Authentication Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of WL...
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of...
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
FreeBSD Kernel NAT Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of FreeBSD Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of...
(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert ZIP Path Traversal Remote Code Execution Vulnerability
The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...
(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability
The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...
(0Day) Advantech WebAccess Node DATACORE Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within DATACORE.exe. The issue results from the lack of proper validation of the lengt...
(0Day) Advantech WebAccess Node Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Directory Traversal Remote Code Execution Vulnerability
The vulnerablity allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Microsoft SharePoint Shared Forms Incomplete Blacklist Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to invoke a shared form in a way that allo...
Eaton Intelligent Power Manager mc2 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton Intelligent Power Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within systemsrv.js. The issue results from the lack of proper validation of a...
Eaton Intelligent Power Manager mc2 Incorrect Privilege Assignment Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Eaton Intelligent Power Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the mc2 binary. The issue results from the lack of proper validation of user...
Microsoft Internet Explorer JScript Garbage Collection Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows Media Player HEVC Stream Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader DC JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
Microsoft Windows PDF Library DirectWrite Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
Microsoft Internet Explorer CWMPErrorDlg Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader DC JPEG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Microsoft Windows DirectComposition SetReferenceArrayProperty Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of th...
Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
(Pwn2Own) Adobe Acrobat Reader DC Field Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Field...
Microsoft Windows EMF EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c71 SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00013c71 in BwWebSvc.dll. The issue...
Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002775 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002775 in DrawSrv.dll. The issue results from...
Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002711 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002711 in ViewSrv.dll. The issue results from...
Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002722 in ViewSrv.dll. The issue resul...
Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002723 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002723 in DrawSrv.dll. The issue results from...
Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BwBacNetJ driver. The issue results from the lack of proper validation of...
Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002711 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x00002711 in DrawSrv.dll. The issue results from...
Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791d Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x0000791d in DATACORE.exe. The issue results from...
Advantech WebAccess/SCADA DATACORE IOCTL 0x520B Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x520B in datacore.exe. The issue results from the lac...