Max CVSS 10.0 Min CVSS 1.5 Total Count866
IDCVSSSummaryLast (major) updatePublished
CVE-2017-8759 9.3
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-14344 None
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
12-09-2017 - 14:29 12-09-2017 - 14:29
CVE-2017-14153 7.2
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
11-09-2017 - 13:29 11-09-2017 - 13:29
CVE-2017-14075 7.2
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific
11-09-2017 - 13:29 11-09-2017 - 13:29
CVE-2017-11567 6.8
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leverage
07-09-2017 - 09:29 07-09-2017 - 09:29
CVE-2017-9644 6.9
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5
25-08-2017 - 15:29 25-08-2017 - 15:29
CVE-2017-9767 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description p
18-08-2017 - 12:29 18-08-2017 - 12:29
CVE-2017-3106 9.3
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
11-08-2017 - 15:29 11-08-2017 - 15:29
CVE-2015-2291 7.2
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x8086201
09-08-2017 - 14:29 09-08-2017 - 14:29
CVE-2017-8671 7.6
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling obj
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8670 7.6
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects i
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8657 7.6
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling obj
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8656 7.6
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects i
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8646 7.6
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in me
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8645 7.6
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in me
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8644 4.3
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8641 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8640 7.6
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8636 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8635 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8634 7.6
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-10204 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastruc
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10129 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastruc
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-7442 6.8
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
03-08-2017 - 04:29 03-08-2017 - 04:29
CVE-2017-8870 6.8
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
27-07-2017 - 14:29 27-07-2017 - 14:29
CVE-2017-9413 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmi
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2017-11517 7.5
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
21-07-2017 - 16:29 21-07-2017 - 16:29
CVE-2017-9415 5.1
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
21-07-2017 - 10:29 21-07-2017 - 10:29
CVE-2017-8618 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scrip
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8601 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Mi
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8594 7.6
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Expl
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8564 2.1
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8558 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10
29-06-2017 - 09:29 29-06-2017 - 09:29
CVE-2015-9098 10.0
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monit
22-06-2017 - 15:29 22-06-2017 - 15:29
CVE-2017-8487 9.3
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
15-06-2017 - 16:29 15-06-2017 - 16:29
CVE-2017-8550 8.5
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8548 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engin
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8496 7.6
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8492 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8491 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8490 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8489 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8488 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8485 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8484 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8483 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8482 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8481 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8480 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8479 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8478 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8477 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8476 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8473 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly in
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8472 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8471 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8470 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8469 2.1
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8464 9.3
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers t
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8462 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0300 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0299 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0289 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0288 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0287 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Unisc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0286 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0285 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0284 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0283 9.3
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Wor
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0282 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-9557 5.0
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
12-06-2017 - 11:29 12-06-2017 - 11:29
CVE-2017-9544 7.5
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbit
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9543 5.0
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-7180 6.9
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected direct
08-06-2017 - 08:29 08-06-2017 - 08:29
CVE-2017-9355 4.3
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
07-06-2017 - 15:29 07-06-2017 - 15:29
CVE-2017-8541 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8540 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8538 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8537 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8536 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8535 4.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-1092 10.0
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-4916 6.8
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9024 5.0
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
21-05-2017 - 10:29 21-05-2017 - 10:29
CVE-2017-5177 5.0
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. Th
18-05-2017 - 23:29 18-05-2017 - 23:29
CVE-2017-8927 6.8
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-8926 6.8
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-0259 1.9
The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Wind
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0258 1.9
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensi
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0245 1.9
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0220 1.9
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerab
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0214 4.4
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0213 1.9
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-0175 2.1
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulner
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-8339 4.9
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-0290 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
11-05-2017 - 21:29 09-05-2017 - 02:29
CVE-2017-8895 10.0
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated att
10-05-2017 - 17:29 10-05-2017 - 17:29
CVE-2017-7293 7.2
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1
10-05-2017 - 12:48 26-04-2017 - 01:59
CVE-2017-6953 4.6
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
08-05-2017 - 13:29 08-05-2017 - 13:29
CVE-2017-7720 4.6
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.
03-05-2017 - 09:15 26-04-2017 - 10:59
CVE-2017-8367 4.6
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy,
30-04-2017 - 15:59 30-04-2017 - 15:59
CVE-2015-8285 5.0
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
26-04-2017 - 21:59 20-04-2017 - 17:59
CVE-2017-7457 1.9
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
21-04-2017 - 14:24 14-04-2017 - 10:59
CVE-2017-0199 9.3
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted do
20-04-2017 - 14:23 12-04-2017 - 10:59
CVE-2017-7455 5.0
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-7456 5.0
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-0202 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "
20-04-2017 - 13:47 12-04-2017 - 10:59
CVE-2017-0211 4.3
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE
20-04-2017 - 12:58 12-04-2017 - 10:59
CVE-2017-3006 9.0
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
19-04-2017 - 19:33 12-04-2017 - 10:59
CVE-2017-0167 2.1
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulne
18-04-2017 - 13:15 12-04-2017 - 10:59
CVE-2017-0160 7.2
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
18-04-2017 - 10:07 12-04-2017 - 10:59
CVE-2017-0058 1.9
A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the us
18-04-2017 - 10:02 12-04-2017 - 10:59
CVE-2017-0165 7.2
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vu
17-04-2017 - 15:12 12-04-2017 - 10:59
CVE-2017-7237 7.5
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP po
12-04-2017 - 15:27 06-04-2017 - 11:59
CVE-2016-8769 7.2
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obta
10-04-2017 - 21:06 02-04-2017 - 16:59
CVE-2017-0037 7.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via ve
03-04-2017 - 21:59 26-02-2017 - 18:59
CVE-2017-7310 6.8
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long
03-04-2017 - 09:43 29-03-2017 - 17:59
CVE-2017-7269 10.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://
01-04-2017 - 21:59 26-03-2017 - 22:59
CVE-2017-0100 4.4
A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a craft
31-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-7183 5.0
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
31-03-2017 - 07:51 27-03-2017 - 13:59
CVE-2017-7230 7.5
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
30-03-2017 - 21:59 22-03-2017 - 14:59
CVE-2017-0038 4.3
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers
27-03-2017 - 21:59 20-02-2017 - 11:59
CVE-2017-0072 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
27-03-2017 - 10:31 16-03-2017 - 20:59
CVE-2017-6178 4.6
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
24-03-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-0045 4.3
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site
24-03-2017 - 07:01 16-03-2017 - 20:59
CVE-2017-0063 4.3
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows
24-03-2017 - 06:55 16-03-2017 - 20:59
CVE-2016-0049 2.1
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypas
23-03-2017 - 21:59 10-02-2016 - 06:59
CVE-2017-0118 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sens
23-03-2017 - 12:54 16-03-2017 - 20:59
CVE-2017-0121 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sens
23-03-2017 - 12:40 16-03-2017 - 20:59
CVE-2017-0084 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
23-03-2017 - 12:37 16-03-2017 - 20:59
CVE-2017-6805 5.0
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
23-03-2017 - 11:08 20-03-2017 - 12:59
CVE-2017-5496 5.0
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
21-03-2017 - 14:43 15-03-2017 - 11:59
CVE-2017-0108 9.3
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allo
21-03-2017 - 13:55 16-03-2017 - 20:59
CVE-2017-0061 2.6
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a
21-03-2017 - 13:44 16-03-2017 - 20:59
CVE-2017-6880 7.5
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
21-03-2017 - 12:54 17-03-2017 - 13:59
CVE-2017-0062 1.9
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain
21-03-2017 - 11:32 16-03-2017 - 20:59
CVE-2017-0060 1.9
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain
21-03-2017 - 11:32 16-03-2017 - 20:59
CVE-2017-5359 5.0
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
21-03-2017 - 11:18 15-03-2017 - 11:59
CVE-2017-5358 7.5
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
21-03-2017 - 11:17 15-03-2017 - 11:59
CVE-2017-0103 4.4
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Regis
20-03-2017 - 14:54 16-03-2017 - 20:59
CVE-2017-0147 4.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
20-03-2017 - 10:34 16-03-2017 - 20:59
CVE-2017-0070 7.6
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitra
20-03-2017 - 09:21 16-03-2017 - 20:59
CVE-2017-0148 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0146 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0145 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0144 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0143 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0128 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0127 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0126 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0125 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0124 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0123 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0122 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0120 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerab
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0119 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0117 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0116 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0115 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0114 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0113 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0112 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0111 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0092 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0091 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0090 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0089 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0088 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0087 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0086 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0085 4.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability."
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0083 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is diffe
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0059 4.3
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those descr
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-6367 5.0
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
16-03-2017 - 21:59 14-03-2017 - 05:59
CVE-2017-3813 7.2
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability
15-03-2017 - 21:59 09-02-2017 - 12:59
CVE-2017-6506 7.5
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
14-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-6465 7.5
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
14-03-2017 - 15:31 09-03-2017 - 20:59
CVE-2016-7255 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gai
13-03-2017 - 21:59 10-11-2016 - 02:00
CVE-2014-4113 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
13-03-2017 - 21:59 15-10-2014 - 06:55
CVE-2017-6416 7.5
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
07-03-2017 - 21:59 05-03-2017 - 21:59
CVE-2016-8377 6.0
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes
03-03-2017 - 10:52 13-02-2017 - 16:59
CVE-2017-6187 7.5
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
01-03-2017 - 21:59 22-02-2017 - 18:59
CVE-2016-10079 5.0
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
27-02-2017 - 21:37 01-02-2017 - 14:59
CVE-2016-0189 7.6
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
23-02-2017 - 21:59 10-05-2016 - 21:59
CVE-2015-5696 5.0
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.
23-02-2017 - 21:59 14-08-2015 - 14:59
CVE-2017-0313 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside o
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-0312 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potenti
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-5881 6.8
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
23-02-2017 - 10:59 21-02-2017 - 02:59
CVE-2016-9332 7.8
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could res
17-02-2017 - 09:47 13-02-2017 - 16:59
CVE-2015-8635 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 28-12-2015 - 18:59
CVE-2015-8431 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8430 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8429 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8428 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8427 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8425 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8424 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8423 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8422 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8421 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8420 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-5568 10.0
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to caus
16-02-2017 - 21:59 22-09-2015 - 06:59
CVE-2015-5133 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5132 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5131 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5130 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5127 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2016-7288 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
10-02-2017 - 21:59 20-12-2016 - 01:59
CVE-2017-5329 4.6
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
07-02-2017 - 17:42 27-01-2017 - 17:59
CVE-2016-1013 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerab
01-02-2017 - 21:59 08-04-2016 - 21:59
CVE-2016-1011 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerab
01-02-2017 - 21:59 08-04-2016 - 21:59
CVE-2016-5237 1.9
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
25-01-2017 - 15:23 23-01-2017 - 16:59
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
20-01-2017 - 12:23 19-01-2017 - 17:59
CVE-2016-8811 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8810 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8809 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8808 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8807 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is pass
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8806 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passe
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-8805 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7391 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7390 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7387 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7386 2.1
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to lea
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7385 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7384 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController D
19-01-2017 - 21:59 08-11-2016 - 15:59
CVE-2016-7201 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7200 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2014-8440 10.0
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attacker
06-01-2017 - 22:00 11-11-2014 - 18:55
CVE-2014-6332 9.3
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute ar
06-01-2017 - 22:00 11-11-2014 - 17:55
CVE-2014-4971 7.2
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the M
06-01-2017 - 22:00 26-07-2014 - 11:55
CVE-2014-3434 6.9
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL
06-01-2017 - 21:59 06-08-2014 - 15:55
CVE-2014-2623 10.0
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
06-01-2017 - 21:59 17-07-2014 - 20:55
CVE-2014-2477 3.6
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a diffe
06-01-2017 - 21:59 17-07-2014 - 01:10
CVE-2014-0556 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR S
06-01-2017 - 21:59 09-09-2014 - 21:55
CVE-2014-0497 10.0
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
06-01-2017 - 21:59 05-02-2014 - 00:15
CVE-2014-0282 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-01-2017 - 21:59 11-06-2014 - 00:56
CVE-2014-0257 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted
06-01-2017 - 21:59 11-02-2014 - 23:50
CVE-2013-5045 6.2
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerabi
06-01-2017 - 21:59 10-12-2013 - 19:55
CVE-2015-3073 10.0
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061,
05-01-2017 - 15:06 13-05-2015 - 07:00
CVE-2016-1002 10.0
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow atta
03-01-2017 - 21:59 12-03-2016 - 10:59
CVE-2015-2572 4.6
Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors relat
03-01-2017 - 13:40 16-04-2015 - 13:00
CVE-2016-7084 6.9
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial
03-01-2017 - 13:20 29-12-2016 - 04:59
CVE-2016-7083 5.9
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (hos
03-01-2017 - 13:02 29-12-2016 - 04:59
CVE-2015-3632 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
02-01-2017 - 22:00 01-05-2015 - 11:59
CVE-2015-3093 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 22:00 13-05-2015 - 07:00
CVE-2015-3089 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3088 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compile
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3087 10.0
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 1
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3083 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3082 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3081 4.3
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3080 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compi
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-2281 7.5
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
02-01-2017 - 21:59 19-03-2015 - 10:59
CVE-2015-1701 7.2
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vul
02-01-2017 - 21:59 21-04-2015 - 06:59
CVE-2015-1674 1.9
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discov
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1635 10.0
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerabilit
02-01-2017 - 21:59 14-04-2015 - 16:59
CVE-2015-0313 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited
02-01-2017 - 21:59 02-02-2015 - 14:59
CVE-2015-0016 9.3
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remot
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2014-7288 9.0
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
02-01-2017 - 21:59 31-01-2015 - 21:59
CVE-2016-10031 6.9
** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code
30-12-2016 - 21:59 27-12-2016 - 02:59
CVE-2015-3106 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-1730 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-0336 9.3
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than
30-12-2016 - 21:59 13-03-2015 - 13:59
CVE-2015-0050 9.3
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
30-12-2016 - 21:59 10-02-2015 - 22:00
CVE-2015-0040 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015
30-12-2016 - 21:59 10-02-2015 - 22:00
CVE-2014-4138 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
30-12-2016 - 21:59 15-10-2014 - 06:55
CVE-2014-1785 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
30-12-2016 - 21:59 11-06-2014 - 00:56
CVE-2013-7409 7.5
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
30-12-2016 - 21:59 30-10-2014 - 11:55
CVE-2013-7280 4.3
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
30-12-2016 - 21:59 08-01-2014 - 10:30
CVE-2013-7260 7.5
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML
30-12-2016 - 21:59 03-01-2014 - 15:55
CVE-2013-4988 9.3
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
30-12-2016 - 21:59 13-12-2013 - 13:07
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2013-3143 9.3
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
30-12-2016 - 21:59 09-07-2013 - 23:46
CVE-2013-3120 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
30-12-2016 - 21:59 11-06-2013 - 23:30
CVE-2013-3111 9.3
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
30-12-2016 - 21:59 11-06-2013 - 23:29
CVE-2013-1309 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
30-12-2016 - 21:59 14-05-2013 - 23:36
CVE-2013-1306 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnera
30-12-2016 - 21:59 14-05-2013 - 23:36
CVE-2013-0090 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
30-12-2016 - 21:59 12-03-2013 - 20:55
CVE-2013-0019 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
30-12-2016 - 21:59 13-02-2013 - 07:04
CVE-2008-5753 9.3
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
30-12-2016 - 21:59 30-12-2008 - 12:30
CVE-2016-0199 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
29-12-2016 - 09:42 15-06-2016 - 21:59
CVE-2016-0063 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
29-12-2016 - 09:42 10-02-2016 - 06:59
CVE-2015-6168 9.3
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
29-12-2016 - 08:19 09-12-2015 - 06:59
CVE-2016-7287 7.6
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability
27-12-2016 - 21:59 20-12-2016 - 01:59
CVE-2016-7286 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
27-12-2016 - 21:59 20-12-2016 - 01:59
CVE-2015-5122 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and
27-12-2016 - 21:59 14-07-2015 - 06:59
CVE-2015-3134 10.0
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow atta
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3124 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3118 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2016-3247 5.1
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
23-12-2016 - 21:59 14-09-2016 - 06:59
CVE-2016-3222 9.3
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
23-12-2016 - 21:59 15-06-2016 - 21:59
CVE-2015-4878 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4877 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4481 3.3
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log fi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2016-7241 7.6
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
23-12-2016 - 16:00 10-11-2016 - 01:59
CVE-2016-7202 7.6
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vul
23-12-2016 - 15:59 10-11-2016 - 01:59
CVE-2016-7866 10.0
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
21-12-2016 - 22:00 15-12-2016 - 01:59
CVE-2016-7274 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
21-12-2016 - 22:00 20-12-2016 - 01:59
CVE-2015-6923 7.2
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
21-12-2016 - 22:00 21-09-2015 - 15:59
CVE-2015-2528 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2527 7.2
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which a
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2525 7.2
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restri
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2524 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2523 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft O
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2521 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2520 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerabili
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2510 9.3
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remot
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2509 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2508 7.2
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-6305 7.2
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current w
12-12-2016 - 14:01 25-09-2015 - 21:59
CVE-2015-2554 7.2
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerabili
12-12-2016 - 13:25 13-10-2015 - 21:59
CVE-2015-2553 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which make
12-12-2016 - 13:24 13-10-2015 - 21:59
CVE-2015-2482 9.3
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
12-12-2016 - 13:20 13-10-2015 - 21:59
CVE-2014-6363 9.3
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScri
09-12-2016 - 13:20 10-12-2014 - 19:59
CVE-2015-7622 10.0
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbit
07-12-2016 - 22:14 14-10-2015 - 19:59
CVE-2015-7387 7.5
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do,
07-12-2016 - 22:13 28-09-2015 - 11:59
CVE-2013-6935 9.3
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
07-12-2016 - 22:04 04-12-2013 - 13:56
CVE-2010-5301 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
07-12-2016 - 22:01 13-06-2014 - 10:55
CVE-2010-2343 9.3
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
07-12-2016 - 22:01 21-06-2010 - 11:30
CVE-2016-9796 10.0
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow)
07-12-2016 - 13:33 03-12-2016 - 01:59
CVE-2016-0016 6.9
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain pri
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0015 9.3
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file,
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0007 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0006 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2015-8412 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8411 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8410 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8046 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:26 11-11-2015 - 08:00
CVE-2015-7865 7.7
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local us
07-12-2016 - 13:25 24-11-2015 - 15:59
CVE-2015-7652 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:24 11-11-2015 - 07:59
CVE-2015-6131 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6127 4.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6104 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6103 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6102 2.1
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protec
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6101 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6100 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6098 7.2
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS El
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6086 4.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2014-6287 7.5
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
06-12-2016 - 22:00 07-10-2014 - 06:55
CVE-2010-4417 7.5
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
06-12-2016 - 21:59 19-01-2011 - 11:00
CVE-2016-1525 7.8
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-0051 7.2
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted applic
05-12-2016 - 22:04 10-02-2016 - 06:59
CVE-2014-7872 7.2
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
05-12-2016 - 21:59 09-06-2015 - 10:59
CVE-2016-4004 4.0
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
02-12-2016 - 22:27 12-04-2016 - 13:59
CVE-2016-2004 9.3
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE
02-12-2016 - 22:24 21-04-2016 - 07:00
CVE-2016-1960 6.8
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging
02-12-2016 - 22:23 13-03-2016 - 14:59
CVE-2016-1001 10.0
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compile
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-1000 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0999 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0998 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0997 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compi
02-12-2016 - 22:19 12-03-2016 - 10:59
CVE-2016-0954 10.0
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
02-12-2016 - 22:18 09-03-2016 - 06:59
CVE-2016-0953 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0952 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0951 10.0
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-20
02-12-2016 - 22:18 10-02-2016 - 15:59
CVE-2016-0854 10.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified v
02-12-2016 - 22:18 14-01-2016 - 22:59
CVE-2016-0145 9.3
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0
02-12-2016 - 22:15 12-04-2016 - 19:59
CVE-2016-0122 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft
02-12-2016 - 22:15 12-04-2016 - 19:59
CVE-2016-0121 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0120 7.1
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0111 7.6
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0108 7.6
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0099 7.2
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0094 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted a
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2016-0093 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted a
02-12-2016 - 22:15 09-03-2016 - 06:59
CVE-2015-2790 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2789 4.4
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2169 4.3
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned
02-12-2016 - 22:04 24-06-2015 - 10:59
CVE-2011-4722 7.8
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
02-12-2016 - 21:59 27-12-2014 - 21:59
CVE-2016-4534 3.0
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry hand
30-11-2016 - 22:10 05-05-2016 - 14:59
CVE-2016-0185 9.3
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
30-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-0173 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted a
30-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-3223 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3220 6.9
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain p
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3216 4.3
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the AS
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-0171 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted a
29-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2015-2097 7.5
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) Cha
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2015-2094 7.5
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) S
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2009-1330 9.3
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
29-11-2016 - 21:59 17-04-2009 - 10:08
CVE-2016-9018 4.3
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
29-11-2016 - 14:20 28-10-2016 - 11:59
CVE-2016-8812 7.2
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow w
29-11-2016 - 14:18 08-11-2016 - 15:59
CVE-2016-7851 4.3
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
28-11-2016 - 15:39 08-11-2016 - 12:59
CVE-2016-7240 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7237 6.8
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 20
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7226 3.6
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerabilit
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7225 3.6
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerabilit
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7224 3.6
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7216 2.1
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerabili
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7203 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:37 10-11-2016 - 01:59
CVE-2016-7188 7.2
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privil
28-11-2016 - 15:37 13-10-2016 - 22:59
CVE-2016-7185 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a cr
28-11-2016 - 15:37 13-10-2016 - 22:59
CVE-2016-5764 6.8
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
28-11-2016 - 15:29 27-10-2016 - 16:59
CVE-2016-3388 2.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3387 6.8
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3373 4.3
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, w
28-11-2016 - 15:09 14-09-2016 - 06:59
CVE-2016-3371 4.3
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows lo
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3357 9.3
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Serv
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3325 2.6
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3324 6.8
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3313 9.3
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
28-11-2016 - 15:08 09-08-2016 - 17:59
CVE-2016-3304 9.3
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Co
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3303 9.3
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Co
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3301 9.3
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer;
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3288 7.6
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
28-11-2016 - 15:07 09-08-2016 - 17:59
CVE-2016-3237 6.9
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication
28-11-2016 - 15:06 09-08-2016 - 17:59
CVE-2016-1464 9.3
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
28-11-2016 - 14:59 03-09-2016 - 16:59
CVE-2016-1415 4.3
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
28-11-2016 - 14:59 03-09-2016 - 16:59
CVE-2016-0079 2.1
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerabi
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2016-0075 2.1
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the re
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2016-0073 2.1
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the re
28-11-2016 - 14:51 13-10-2016 - 22:59
CVE-2015-7450 10.0
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT
28-11-2016 - 14:43 02-01-2016 - 16:59
CVE-2015-6128 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
28-11-2016 - 14:38 09-12-2015 - 06:59
CVE-2015-2464 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2463 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2462 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2461 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2456 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2455 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2444 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.
28-11-2016 - 14:19 14-08-2015 - 06:59
CVE-2014-4076 7.2
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
28-11-2016 - 14:12 11-11-2014 - 17:55
CVE-2013-0008 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
28-11-2016 - 14:08 09-01-2013 - 13:09
CVE-2013-3906 9.3
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafte
01-11-2016 - 13:45 06-11-2013 - 10:55
CVE-2013-1347 9.3
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
19-10-2016 - 13:55 05-05-2013 - 07:07
CVE-2005-2428 5.0
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password ha
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-0575 7.5
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2001-0198 7.6
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2013-2347 10.0
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
21-09-2016 - 09:46 03-01-2014 - 23:51
CVE-2014-0307 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Me
09-09-2016 - 14:58 12-03-2014 - 01:15
CVE-2014-0322 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the
02-09-2016 - 21:34 14-02-2014 - 11:55
CVE-2012-6303 6.8
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large c
02-09-2016 - 16:37 28-10-2013 - 18:55
CVE-2015-0179 7.2
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
24-08-2016 - 15:24 05-04-2015 - 20:59
CVE-2016-0151 7.2
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka
03-08-2016 - 23:35 12-04-2016 - 19:59
CVE-2011-4620 9.3
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a
02-08-2016 - 09:35 30-12-2011 - 20:55
CVE-2016-5228 10.0
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argum
08-07-2016 - 08:59 02-07-2016 - 21:59
CVE-2013-0946 9.3
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
29-06-2016 - 09:57 10-05-2013 - 07:42
CVE-2015-7243 7.5
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
24-06-2016 - 11:54 18-09-2015 - 12:59
CVE-2012-0025 6.8
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
15-06-2016 - 12:31 02-11-2012 - 14:55
CVE-2015-7768 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
15-06-2016 - 08:42 09-10-2015 - 10:59
CVE-2011-5165 9.3
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
15-06-2016 - 08:26 15-09-2012 - 13:55
CVE-2014-2299 9.3
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large re
01-06-2016 - 22:25 11-03-2014 - 09:01
CVE-2016-3943 7.2
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modif
18-05-2016 - 17:45 18-04-2016 - 11:59
CVE-2016-3984 3.6
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Pa
18-05-2016 - 17:28 08-04-2016 - 11:59
CVE-2015-7378 7.2
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
18-05-2016 - 17:25 18-04-2016 - 11:59
CVE-2016-4535 7.8
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
10-05-2016 - 08:35 05-05-2016 - 14:59
CVE-2016-3987 10.0
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
18-04-2016 - 14:39 11-04-2016 - 22:00
CVE-2016-3986 9.3
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
18-04-2016 - 11:15 11-04-2016 - 22:00
CVE-2013-6194 10.0
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
06-04-2016 - 08:37 03-01-2014 - 23:51
CVE-2016-0793 5.0
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF direct
04-04-2016 - 13:48 01-04-2016 - 15:59
CVE-2016-2288 7.2
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
04-04-2016 - 11:51 29-03-2016 - 11:59
CVE-2015-2023 7.2
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
07-01-2016 - 15:10 02-01-2016 - 16:59
CVE-2015-4027 7.2
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
18-12-2015 - 13:03 17-12-2015 - 14:59
CVE-2015-6132 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain
09-12-2015 - 12:32 09-12-2015 - 06:59
CVE-2015-6152 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015
09-12-2015 - 12:03 09-12-2015 - 06:59
CVE-2011-0961 4.3
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
24-11-2015 - 13:08 20-05-2011 - 18:55
CVE-2015-1497 10.0
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
19-11-2015 - 12:04 16-02-2015 - 10:59
CVE-2015-0065 9.3
Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."
30-10-2015 - 15:27 10-02-2015 - 22:01
CVE-2015-0064 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial
23-10-2015 - 13:01 10-02-2015 - 22:01
CVE-2015-7602 7.8
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
13-10-2015 - 12:52 29-09-2015 - 15:59
CVE-2013-0928 9.3
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
13-10-2015 - 12:33 21-01-2013 - 16:55
CVE-2015-7767 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
09-10-2015 - 17:14 09-10-2015 - 10:59
CVE-2014-4141 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
08-10-2015 - 12:32 15-10-2014 - 06:55
CVE-2014-4114 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Offic
08-10-2015 - 11:29 15-10-2014 - 06:55
CVE-2014-3888 8.3
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS
08-10-2015 - 11:15 10-07-2014 - 07:06
CVE-2015-7603 7.8
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2015-7601 7.8
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2015-5465 7.2
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
17-09-2015 - 14:44 16-09-2015 - 14:59
CVE-2014-9208 10.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
14-09-2015 - 14:54 11-09-2015 - 12:59
CVE-2015-0097 9.3
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution
11-09-2015 - 11:42 11-03-2015 - 06:59
CVE-2014-4158 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
02-09-2015 - 13:03 13-06-2014 - 10:55
CVE-2014-3913 10.0
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
31-08-2015 - 14:29 04-06-2014 - 10:55
CVE-2014-3878 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new cont
31-08-2015 - 14:28 05-06-2014 - 13:55
CVE-2015-2470 9.3
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underfl
18-08-2015 - 11:11 14-08-2015 - 20:59
CVE-2015-2468 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word
18-08-2015 - 10:38 14-08-2015 - 20:59
CVE-2015-2431 9.3
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft
18-08-2015 - 10:30 14-08-2015 - 20:59
CVE-2015-2460 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5,
18-08-2015 - 03:08 14-08-2015 - 20:59
CVE-2015-2459 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 14:32 14-08-2015 - 20:59
CVE-2015-2469 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 13:57 14-08-2015 - 20:59
CVE-2015-2458 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 13:38 14-08-2015 - 20:59
CVE-2015-2467 9.3
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 12:53 14-08-2015 - 20:59
CVE-2015-2432 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to exe
17-08-2015 - 12:33 14-08-2015 - 20:59
CVE-2014-0787 10.0
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
13-08-2015 - 13:45 12-04-2014 - 00:37
CVE-2013-6040 9.3
Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.
07-08-2015 - 13:41 20-01-2014 - 20:55
CVE-2014-3740 3.5
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
31-07-2015 - 21:41 11-09-2014 - 14:55
CVE-2013-5019 10.0
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
30-07-2015 - 10:55 31-07-2013 - 09:20
CVE-2013-5015 6.5
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows r
30-07-2015 - 10:50 14-02-2014 - 08:10
CVE-2014-2314 4.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
29-07-2015 - 12:21 09-03-2014 - 09:16
CVE-2014-2013 7.5
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element
29-07-2015 - 12:20 03-03-2014 - 11:55
CVE-2014-1843 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter
29-07-2015 - 12:19 29-04-2014 - 06:37
CVE-2014-1842 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
29-07-2015 - 12:18 29-04-2014 - 06:37
CVE-2014-1841 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
29-07-2015 - 12:17 29-04-2014 - 06:37
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
29-07-2015 - 12:15 05-03-2013 - 17:06
CVE-2014-0780 7.5
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
24-07-2015 - 14:35 25-04-2014 - 01:12
CVE-2015-2370 7.2
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold
15-07-2015 - 11:24 14-07-2015 - 18:59
CVE-2015-1724 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 11:57 09-06-2015 - 21:59
CVE-2014-9566 7.5
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Net
11-03-2015 - 15:19 10-03-2015 - 10:59
CVE-2015-1515 7.2
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL
20-02-2015 - 20:23 19-02-2015 - 10:59
CVE-2015-1305 6.9
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.
19-02-2015 - 13:57 06-02-2015 - 10:59
CVE-2014-9632 7.2
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0
17-02-2015 - 10:28 06-02-2015 - 10:59
CVE-2014-9643 7.2
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9642 7.2
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9641 7.2
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.
09-02-2015 - 11:02 06-02-2015 - 10:59
CVE-2014-9633 7.5
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
04-02-2015 - 11:39 03-02-2015 - 11:59
CVE-2015-1362 7.5
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
28-01-2015 - 11:17 27-01-2015 - 15:04
CVE-2014-8386 7.5
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
21-01-2015 - 12:38 20-01-2015 - 10:59
CVE-2012-0874 6.8
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
17-01-2015 - 21:59 05-02-2013 - 18:55
CVE-2014-10031 7.5
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
14-01-2015 - 16:20 13-01-2015 - 10:59
CVE-2014-100015 6.4
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
14-01-2015 - 14:47 13-01-2015 - 10:59
CVE-2014-100014 7.5
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.
14-01-2015 - 14:46 13-01-2015 - 10:59
CVE-2014-9456 10.0
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more infor
10-01-2015 - 21:59 02-01-2015 - 15:59
CVE-2014-9448 7.5
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
05-01-2015 - 22:03 02-01-2015 - 15:59
CVE-2014-9436 5.0
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
05-01-2015 - 16:12 02-01-2015 - 14:59
CVE-2014-9141 7.2
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
17-12-2014 - 11:17 02-12-2014 - 20:59
CVE-2014-9113 7.2
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinServic
15-12-2014 - 11:27 02-12-2014 - 11:59
CVE-2012-2588 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
18-11-2014 - 19:53 19-09-2014 - 10:55
CVE-2014-5507 7.2
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
04-11-2014 - 17:10 03-11-2014 - 11:55
CVE-2014-5006 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
24-10-2014 - 10:12 21-10-2014 - 11:55
CVE-2014-5005 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
24-10-2014 - 09:16 21-10-2014 - 11:55
CVE-2014-7226 7.5
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
10-10-2014 - 15:59 09-10-2014 - 21:55
CVE-2012-6658 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT
18-09-2014 - 11:33 17-09-2014 - 11:55
CVE-2012-2956 6.5
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is f
18-09-2014 - 11:32 17-09-2014 - 11:55
CVE-2014-5453 7.2
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
26-08-2014 - 11:16 25-08-2014 - 12:55
CVE-2014-5349 5.0
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
20-08-2014 - 13:36 19-08-2014 - 15:55
CVE-2014-1204 7.5
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if t
11-08-2014 - 13:21 31-01-2014 - 10:07
CVE-2013-7184 4.3
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
11-08-2014 - 12:01 24-01-2014 - 10:08
CVE-2014-5116 5.0
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
30-07-2014 - 13:18 29-07-2014 - 10:55
CVE-2014-2424 4.0
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
24-07-2014 - 00:59 15-04-2014 - 22:55
CVE-2010-5299 6.8
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is
30-06-2014 - 14:07 22-05-2014 - 20:55
CVE-2014-4643 5.0
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) P
26-06-2014 - 10:30 25-06-2014 - 16:55
CVE-2012-5877 5.0
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
24-06-2014 - 14:16 30-05-2014 - 10:55
CVE-2012-5876 5.0
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which tri
24-06-2014 - 12:24 30-05-2014 - 10:55
CVE-2014-3216 4.3
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
24-06-2014 - 10:42 10-06-2014 - 10:55
CVE-2012-5106 10.0
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
23-06-2014 - 11:32 20-06-2014 - 15:55
CVE-2012-2591 4.3
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
23-06-2014 - 10:37 20-06-2014 - 10:55
CVE-2014-4334 7.5
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
20-06-2014 - 13:51 19-06-2014 - 10:55
CVE-2012-2569 4.3
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
20-06-2014 - 10:12 19-06-2014 - 10:55
CVE-2012-2592 4.3
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
19-06-2014 - 14:15 18-06-2014 - 15:55
CVE-2004-2466 5.0
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
12-06-2014 - 21:51 31-12-2004 - 00:00
CVE-2010-5300 6.8
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
12-06-2014 - 09:08 11-06-2014 - 10:55
CVE-2006-2465 5.1
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
30-05-2014 - 22:22 19-05-2006 - 06:02
CVE-2014-3791 10.0
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
21-05-2014 - 18:35 20-05-2014 - 10:55
CVE-2013-4694 7.5
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer over
20-05-2014 - 00:07 16-04-2014 - 18:55
CVE-2014-3443 4.3
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
15-05-2014 - 14:55 14-05-2014 - 15:55
CVE-2013-7246 9.3
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
05-05-2014 - 01:31 30-01-2014 - 13:55
CVE-2011-0654 10.0
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and S
05-05-2014 - 00:53 15-02-2011 - 20:00
CVE-2014-2994 10.0
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
28-04-2014 - 12:06 27-04-2014 - 00:32
CVE-2014-1216 7.5
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
22-04-2014 - 12:24 22-04-2014 - 09:06
CVE-2014-2671 6.8
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
14-04-2014 - 10:29 31-03-2014 - 10:58
CVE-2009-5141 4.0
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
01-04-2014 - 07:07 31-03-2014 - 23:24
CVE-2013-5014 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitra
26-03-2014 - 00:51 14-02-2014 - 08:10
CVE-2012-4886 10.0
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
24-03-2014 - 18:14 24-03-2014 - 12:43
CVE-2013-3928 9.3
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
12-03-2014 - 08:51 11-03-2014 - 15:37
CVE-2013-6767 7.2
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
05-03-2014 - 23:49 20-12-2013 - 17:55
CVE-2014-0980 9.3
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2013-5791 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous infor
11-02-2014 - 23:49 16-10-2013 - 11:55
CVE-2014-1202 9.3
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
27-01-2014 - 23:57 24-01-2014 - 20:55
CVE-2013-4884 4.3
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
22-01-2014 - 14:53 21-01-2014 - 13:55
CVE-2013-3482 9.3
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an
21-01-2014 - 16:14 19-01-2014 - 12:16
CVE-2013-5447 6.8
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
13-01-2014 - 23:28 10-12-2013 - 01:14
CVE-2011-5012 10.0
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflecti
07-01-2014 - 23:24 24-12-2011 - 20:55
CVE-2009-1667 9.3
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
07-01-2014 - 22:54 18-05-2009 - 14:30
CVE-2009-5137 7.5
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
06-01-2014 - 21:53 03-01-2014 - 14:55
CVE-2013-6937 6.8
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
03-01-2014 - 23:50 04-12-2013 - 11:15
CVE-2013-6162 4.3
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
23-12-2013 - 10:32 20-12-2013 - 19:55
CVE-2013-7186 9.3
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
23-12-2013 - 09:50 20-12-2013 - 18:55
CVE-2006-6199 7.5
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
12-12-2013 - 22:37 30-11-2006 - 20:28
CVE-2006-6184 10.0
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
12-12-2013 - 22:37 30-11-2006 - 19:28
CVE-2013-6283 7.5
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
05-12-2013 - 00:31 25-10-2013 - 19:55
CVE-2013-6874 9.3
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
27-11-2013 - 09:49 26-11-2013 - 11:55
CVE-2009-0927 9.3
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerabili
22-11-2013 - 13:19 19-03-2009 - 06:30
CVE-2013-3660 6.9
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does
02-11-2013 - 23:33 24-05-2013 - 16:55
CVE-2012-5470 4.3
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
02-11-2013 - 23:28 26-10-2012 - 06:39
CVE-2011-0257 9.3
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
02-11-2013 - 23:09 15-08-2011 - 17:55
CVE-2010-0187 4.3
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
02-11-2013 - 22:56 15-02-2010 - 13:30
CVE-2013-6128 5.8
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequ
28-10-2013 - 09:39 25-10-2013 - 16:55
CVE-2013-6127 5.8
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and s
28-10-2013 - 09:32 25-10-2013 - 16:55
CVE-2013-6079 7.2
Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license wind
15-10-2013 - 12:38 11-10-2013 - 18:55
CVE-2013-5716 4.3
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
08-10-2013 - 12:04 09-09-2013 - 13:55
CVE-2013-0742 9.3
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file.
07-10-2013 - 09:35 03-10-2013 - 19:55
CVE-2013-4900 5.0
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
13-09-2013 - 14:56 09-09-2013 - 13:55
CVE-2011-5003 10.0
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
08-09-2013 - 02:11 24-12-2011 - 20:55
CVE-2010-2004 9.3
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vu
29-08-2013 - 02:20 20-05-2010 - 17:30
CVE-2010-3595 7.8
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was o
28-08-2013 - 02:26 19-01-2011 - 11:00
CVE-2010-5289 7.5
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long s
27-08-2013 - 10:17 24-08-2013 - 23:27
CVE-2013-5578 9.3
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
26-08-2013 - 15:27 24-08-2013 - 23:27
CVE-2013-3956 7.2
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Se
22-08-2013 - 02:54 31-07-2013 - 09:20
CVE-2010-2703 10.0
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe
21-08-2013 - 02:23 28-07-2010 - 08:48
CVE-2010-3962 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issu
19-08-2013 - 02:16 05-11-2010 - 13:00
CVE-2010-2744 7.2
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges b
16-08-2013 - 03:06 13-10-2010 - 15:00
CVE-2013-2577 9.3
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
13-08-2013 - 15:41 09-08-2013 - 17:55
CVE-2013-2576 6.8
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
13-08-2013 - 15:10 09-08-2013 - 17:55
CVE-2010-3134 9.3
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
09-08-2013 - 02:24 26-08-2010 - 14:36
CVE-2010-2330 9.3
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
08-08-2013 - 02:18 18-06-2010 - 16:30
CVE-2012-1008 5.0
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.
26-07-2013 - 02:40 07-02-2012 - 23:11
CVE-2010-3138 9.3
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player o
18-07-2013 - 23:57 27-08-2010 - 15:00
CVE-2010-0249 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote
13-07-2013 - 02:41 15-01-2010 - 12:30
CVE-2013-3563 7.5
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.
05-07-2013 - 00:00 04-07-2013 - 10:33
CVE-2010-3147 9.3
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2010-3143 9.3
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2013-3661 4.9
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether li
05-06-2013 - 23:26 24-05-2013 - 16:55
CVE-2011-5007 10.0
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
20-05-2013 - 23:12 24-12-2011 - 20:55
CVE-2013-3075 10.0
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitl
15-05-2013 - 00:00 19-04-2013 - 07:44
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2013-2760 6.8
Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.
18-04-2013 - 00:00 16-04-2013 - 10:04
CVE-2012-0267 9.3
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
04-04-2013 - 23:07 14-01-2012 - 22:55
CVE-2012-0266 9.3
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long b
04-04-2013 - 23:07 14-01-2012 - 22:55
CVE-2012-4177 10.0
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
01-04-2013 - 23:19 07-08-2012 - 16:55
CVE-2012-2584 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction wit
22-03-2013 - 23:10 12-08-2012 - 13:55
CVE-2012-3294 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of
21-03-2013 - 23:11 17-08-2012 - 06:31
CVE-2011-1524 4.3
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFR
06-02-2013 - 23:43 28-03-2011 - 14:55
CVE-2011-0545 6.8
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possi
06-02-2013 - 23:41 28-03-2011 - 12:55
CVE-2012-5335 4.0
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
31-01-2013 - 00:00 08-10-2012 - 19:55
CVE-2012-6530 7.1
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
31-01-2013 - 00:00 31-01-2013 - 00:44
CVE-2009-5134 6.8
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly ex
29-01-2013 - 00:00 18-01-2013 - 18:55
CVE-2012-5329 4.0
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
25-01-2013 - 23:58 08-10-2012 - 19:55
CVE-2012-5875 5.0
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4
18-01-2013 - 00:00 18-01-2013 - 06:48
CVE-2012-5897 9.3
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via th
15-01-2013 - 00:00 17-11-2012 - 16:55
CVE-2012-4991 8.5
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
13-12-2012 - 00:00 13-12-2012 - 06:53
CVE-2012-6042 4.3
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
27-11-2012 - 23:41 26-11-2012 - 17:55
CVE-2012-6044 4.3
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
27-11-2012 - 00:00 26-11-2012 - 17:55
CVE-2012-6048 5.0
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
27-11-2012 - 00:00 26-11-2012 - 23:49
CVE-2012-5896 10.0
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument,
19-11-2012 - 00:00 17-11-2012 - 16:55
CVE-2012-5905 4.0
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
19-11-2012 - 00:00 17-11-2012 - 16:55
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2007-3703 6.8
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a diffe
05-11-2012 - 22:43 11-07-2007 - 19:30
CVE-2007-3340 7.8
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
05-11-2012 - 22:41 21-06-2007 - 18:30
CVE-2007-3162 5.0
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
05-11-2012 - 22:41 11-06-2007 - 18:30
CVE-2007-2526 9.3
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.
05-11-2012 - 22:38 08-05-2007 - 19:19
CVE-2007-2222 9.3
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object tha
05-11-2012 - 22:37 12-06-2007 - 15:30
CVE-2012-2271 10.0
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
30-10-2012 - 00:04 21-05-2012 - 16:55
CVE-2008-4558 6.8
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
29-10-2012 - 23:17 14-10-2008 - 20:00
CVE-2010-5193 9.3
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit pa
26-10-2012 - 00:00 31-08-2012 - 17:55
CVE-2011-5233 4.3
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
26-10-2012 - 00:00 25-10-2012 - 13:55
CVE-2012-2578 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2)
26-10-2012 - 00:00 19-09-2012 - 06:57
CVE-2012-2586 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode met
26-10-2012 - 00:00 19-09-2012 - 06:57
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
22-10-2012 - 23:09 21-08-2009 - 07:02
CVE-2009-0812 9.3
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained
22-10-2012 - 23:03 04-03-2009 - 12:30
CVE-2007-4734 4.3
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
22-10-2012 - 22:34 06-09-2007 - 15:17
CVE-2012-1189 9.3
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribu
09-10-2012 - 00:00 08-10-2012 - 14:55
CVE-2012-5324 9.3
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry
09-10-2012 - 00:00 08-10-2012 - 16:55
CVE-2011-5171 9.3
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
21-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2012-4992 9.0
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
20-09-2012 - 11:07 19-09-2012 - 15:55
CVE-2012-2575 4.3
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
18-09-2012 - 00:00 17-09-2012 - 10:55
CVE-2012-4924 9.3
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
18-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5162 9.3
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5164 9.3
Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5166 7.5
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE,
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5167 9.3
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long st
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5170 9.3
Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5172 9.3
Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2011-5173 6.8
Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field in a bed file.
17-09-2012 - 00:00 15-09-2012 - 13:55
CVE-2012-4865 9.3
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
13-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2008-2463 6.8
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine
12-09-2012 - 22:29 07-07-2008 - 19:41
CVE-2010-5239 6.9
Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that cont
07-09-2012 - 12:27 07-09-2012 - 06:32
CVE-2010-5227 6.9
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .x
07-09-2012 - 11:07 07-09-2012 - 06:32
CVE-2011-3176 10.0
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
07-09-2012 - 00:21 09-04-2012 - 16:55
CVE-2011-3175 10.0
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
07-09-2012 - 00:21 09-04-2012 - 16:55
CVE-2010-5236 6.9
Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, o
07-09-2012 - 00:00 07-09-2012 - 06:32
CVE-2012-4864 9.3
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
07-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2010-5195 6.9
Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of the
06-09-2012 - 00:00 06-09-2012 - 06:41
CVE-2010-5194 9.3
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long st
05-09-2012 - 00:00 31-08-2012 - 17:55
CVE-2011-4878 7.8
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI pane
04-09-2012 - 23:19 03-02-2012 - 15:55
CVE-2011-4879 8.5
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and W
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4877 7.1
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfe
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4876 9.3
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2011-4875 9.3
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC
31-08-2012 - 23:38 03-02-2012 - 15:55
CVE-2012-2587 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element
29-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2614 6.8
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in a
18-08-2012 - 00:00 12-07-2012 - 17:55
CVE-2012-2206 3.5
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser
17-08-2012 - 00:00 17-08-2012 - 06:31
CVE-2012-4335 7.8
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third pa
15-08-2012 - 16:35 14-08-2012 - 18:55
CVE-2012-4334 10.0
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obta
15-08-2012 - 16:33 14-08-2012 - 18:55
CVE-2012-4333 10.0
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fn
15-08-2012 - 16:31 14-08-2012 - 18:55
CVE-2012-4250 9.3
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
14-08-2012 - 00:00 13-08-2012 - 14:55
CVE-2012-2396 4.3
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
13-08-2012 - 23:37 19-04-2012 - 17:55
CVE-2011-1591 9.3
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
13-08-2012 - 23:26 29-04-2011 - 18:55
CVE-2008-0610 9.3
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote att
13-08-2012 - 22:37 06-02-2008 - 07:00
CVE-2012-2585 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) ex
13-08-2012 - 13:22 12-08-2012 - 17:55
CVE-2012-2571 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression
13-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2590 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an
13-08-2012 - 00:00 12-08-2012 - 17:55
CVE-2012-2602 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via Create
13-08-2012 - 00:00 12-08-2012 - 12:55
CVE-2012-1466 5.0
The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd.
03-08-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-0277 6.8
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
01-08-2012 - 00:00 17-07-2012 - 17:55
CVE-2012-2442 4.3
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2012-4054 6.9
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2012-4057 9.3
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
30-07-2012 - 00:00 25-07-2012 - 17:55
CVE-2011-2657 6.8
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to exec
27-07-2012 - 00:00 26-07-2012 - 18:55
CVE-2012-0282 6.8
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
18-07-2012 - 09:15 17-07-2012 - 17:55
CVE-2012-0276 6.8
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF imag
18-07-2012 - 00:00 17-07-2012 - 17:55
CVE-2012-3845 5.0
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
17-07-2012 - 00:00 03-07-2012 - 18:55
CVE-2012-1661 9.3
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
16-07-2012 - 00:00 12-07-2012 - 17:55
CVE-2012-3816 7.8
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
28-06-2012 - 00:00 27-06-2012 - 17:55
CVE-2012-0985 9.3
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11
08-06-2012 - 00:00 07-06-2012 - 15:55
CVE-2011-3492 10.0
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
04-06-2012 - 00:00 16-09-2011 - 10:28
CVE-2012-2940 4.3
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
28-05-2012 - 00:00 27-05-2012 - 16:55
CVE-2011-3976 6.8
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
14-05-2012 - 00:00 04-10-2011 - 06:55
CVE-2011-1566 10.0
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0
11-05-2012 - 23:37 05-04-2011 - 11:19
CVE-2011-2386 9.3
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereferen
27-04-2012 - 00:00 08-06-2011 - 06:36
CVE-2012-1464 5.0
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these
27-03-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-1465 4.3
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third p
27-03-2012 - 00:00 19-03-2012 - 15:55
CVE-2012-1783 7.8
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
20-03-2012 - 00:00 19-03-2012 - 14:55
CVE-2011-0611 9.3
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on W
19-03-2012 - 00:00 13-04-2011 - 10:55
CVE-2011-3142 10.0
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
16-03-2012 - 00:00 16-08-2011 - 17:55
CVE-2012-0292 5.0
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris
08-03-2012 - 00:00 07-03-2012 - 23:15
CVE-2011-4800 9.0
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put
05-03-2012 - 00:00 13-12-2011 - 19:55
CVE-2012-0201 9.3
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
02-03-2012 - 00:00 02-03-2012 - 06:55
CVE-2011-5002 10.0
Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Chara
16-02-2012 - 23:10 24-12-2011 - 20:55
CVE-2012-1009 5.0
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request.
15-02-2012 - 10:07 14-02-2012 - 12:55
CVE-2011-4024 4.3
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13-02-2012 - 23:09 21-10-2011 - 14:55
CVE-2011-3496 10.0
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
13-02-2012 - 23:08 16-09-2011 - 13:26
CVE-2011-3490 10.0
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the
13-02-2012 - 23:08 16-09-2011 - 10:28
CVE-2011-3487 5.0
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
13-02-2012 - 23:08 16-09-2011 - 10:28
CVE-2011-3322 10.0
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/
13-02-2012 - 23:08 15-09-2011 - 13:58
CVE-2011-2443 9.3
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related
13-02-2012 - 23:07 04-10-2011 - 16:55
CVE-2010-5033 7.5
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-4916 7.5
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4915 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4913 4.3
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party informa
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4910 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2011-5049 4.3
MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
09-02-2012 - 00:00 04-01-2012 - 14:55
CVE-2010-0364 9.3
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
27-01-2012 - 00:32 21-01-2010 - 15:30
CVE-2012-0904 4.3
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
27-01-2012 - 00:31 20-01-2012 - 12:55
CVE-2010-3275 9.3
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
27-01-2012 - 00:31 28-03-2011 - 12:55
CVE-2011-5052 6.8
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.
05-01-2012 - 10:07 04-01-2012 - 14:55
CVE-2011-5043 4.3
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.
02-01-2012 - 00:00 30-12-2011 - 14:55
CVE-2011-5044 7.2
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
02-01-2012 - 00:00 30-12-2011 - 14:55
CVE-2009-5109 9.3
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2010-5081 9.3
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2006-6576 7.5
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affe
18-10-2011 - 00:00 15-12-2006 - 14:28
CVE-2011-1525 9.3
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recordi
17-10-2011 - 00:00 06-04-2011 - 12:55
CVE-2010-3146 9.3
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contai
06-10-2011 - 00:00 27-08-2010 - 15:00
CVE-2011-0096 4.3
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for cont
04-10-2011 - 22:51 31-01-2011 - 15:00
CVE-2010-4701 7.6
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote
04-10-2011 - 22:50 20-01-2011 - 14:00
CVE-2010-3148 9.3
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file
04-10-2011 - 22:48 27-08-2010 - 15:00
CVE-2010-2549 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUs
04-10-2011 - 22:46 02-07-2010 - 15:00
CVE-2011-1866 10.0
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1865 10.0
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1568 10.0
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1567 10.0
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via craf
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1565 10.0
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1564 10.0
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which t
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1563 10.0
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-0614 9.3
Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file.
21-09-2011 - 23:28 16-05-2011 - 13:55
CVE-2011-0517 9.3
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
21-09-2011 - 23:28 20-01-2011 - 14:00
CVE-2011-0406 10.0
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
21-09-2011 - 23:28 10-01-2011 - 22:00
CVE-2011-0276 10.0
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.s
21-09-2011 - 23:27 01-02-2011 - 20:00
CVE-2011-0267 10.0
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0
21-09-2011 - 23:27 13-01-2011 - 14:00
CVE-2010-2709 9.3
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
21-09-2011 - 23:22 05-08-2010 - 14:17
CVE-2010-1554 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2009-5087 5.0
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
21-09-2011 - 23:16 12-09-2011 - 08:40
CVE-2008-2683 9.3
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL meth
21-09-2011 - 22:55 12-06-2008 - 08:21
CVE-2010-4321 9.3
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
21-09-2011 - 00:00 30-12-2010 - 14:00
CVE-2011-2963 10.0
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service
01-08-2011 - 00:00 29-07-2011 - 15:55
CVE-2010-3765 9.3
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
25-07-2011 - 00:00 27-10-2010 - 20:00
CVE-2010-4091 9.3
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
25-07-2011 - 00:00 07-11-2010 - 17:00
CVE-2010-3131 9.3
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
20-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-3145 9.3
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working
20-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3133 9.3
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly
19-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2011-0489 7.5
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the L
19-07-2011 - 00:00 18-01-2011 - 13:03
CVE-2010-4398 7.2
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain
18-07-2011 - 22:41 06-12-2010 - 08:44
CVE-2010-3973 9.3
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef met
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3972 10.0
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a den
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3971 9.3
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code
18-07-2011 - 22:40 22-12-2010 - 16:00
CVE-2010-3396 7.2
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
18-07-2011 - 22:39 15-09-2010 - 14:00
CVE-2010-3227 9.3
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
18-07-2011 - 22:39 26-10-2010 - 18:00
CVE-2010-3142 9.3
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3140 9.3
Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3139 9.3
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located i
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3137 9.3
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3136 9.3
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3132 9.3
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3130 9.3
Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3128 9.3
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3127 9.3
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3126 9.3
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3124 9.3
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located i
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3129 9.3
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
18-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-3144 9.3
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demon
18-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3653 9.3
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose va
18-07-2011 - 00:00 26-10-2010 - 14:00
CVE-2011-2641 5.0
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
05-07-2011 - 00:00 01-07-2011 - 06:55
CVE-2011-2089 9.3
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitra
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2011-0959 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName par
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0960 7.5
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceRe
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0962 4.3
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML vi
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2011-0966 6.8
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto355
24-05-2011 - 00:00 20-05-2011 - 18:55
CVE-2008-3408 6.8
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2006-0441 7.5
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
07-03-2011 - 21:30 26-01-2006 - 17:03
CVE-2005-2842 7.5
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
07-03-2011 - 21:25 08-09-2005 - 06:03
CVE-2011-0917 10.0
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
25-02-2011 - 01:58 08-02-2011 - 17:00
CVE-2010-4709 7.6
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
17-02-2011 - 02:01 28-01-2011 - 11:00
CVE-2011-0652 2.1
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third
04-02-2011 - 01:50 28-01-2011 - 11:00
CVE-2010-3591 9.3
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. N
04-02-2011 - 01:48 19-01-2011 - 11:00
CVE-2010-3749 9.3
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a clie
26-01-2011 - 01:51 18-10-2010 - 20:00
CVE-2005-3294 5.0
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
26-01-2011 - 00:00 23-10-2005 - 17:02
CVE-2011-0498 9.3
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) fil
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0501 9.3
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0514 5.0
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0500 9.3
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem ele
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0502 9.3
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0507 4.3
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which tri
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0513 7.2
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0515 2.1
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2010-4598 5.0
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
14-01-2011 - 01:48 23-12-2010 - 13:00
CVE-2010-3152 9.3
Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse
13-01-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3151 9.3
Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as
12-01-2011 - 01:52 27-08-2010 - 15:00
CVE-2010-3135 9.3
Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt
12-01-2011 - 01:52 26-08-2010 - 14:36
CVE-2010-2590 9.3
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion pr
12-01-2011 - 01:51 21-12-2010 - 22:00
CVE-2010-4597 10.0
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the sec
11-01-2011 - 01:46 23-12-2010 - 13:00
CVE-2010-4502 7.2
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overfl
09-12-2010 - 00:00 08-12-2010 - 15:00
CVE-2010-3153 9.3
Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary
11-11-2010 - 01:49 27-08-2010 - 15:00
CVE-2010-3141 9.3
Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a
11-11-2010 - 00:00 27-08-2010 - 15:00
CVE-2010-4181 5.0
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
05-11-2010 - 00:00 04-11-2010 - 15:00
CVE-2010-4142 10.0
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_
04-11-2010 - 00:00 01-11-2010 - 22:26
CVE-2010-3486 5.0
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parame
23-09-2010 - 00:00 22-09-2010 - 16:00
CVE-2010-1681 7.6
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
18-09-2010 - 01:44 06-05-2010 - 08:47
CVE-2010-1885 9.3
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist
17-09-2010 - 01:47 15-06-2010 - 10:04
CVE-2010-3150 9.3
Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the
09-09-2010 - 01:43 27-08-2010 - 15:00
CVE-2010-3149 9.3
Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse
09-09-2010 - 00:00 27-08-2010 - 15:00
CVE-2010-3155 9.3
Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the
09-09-2010 - 00:00 27-08-2010 - 15:00
CVE-2010-3213 6.8
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting
08-09-2010 - 13:37 07-09-2010 - 14:00
CVE-2009-3129 9.3
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
08-09-2010 - 00:00 11-11-2009 - 14:30
CVE-2010-3154 9.3
Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder
30-08-2010 - 10:54 27-08-2010 - 15:00
CVE-2010-3125 9.3
Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located
26-08-2010 - 00:00 26-08-2010 - 14:36
CVE-2010-2931 9.3
Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.
21-08-2010 - 01:43 05-08-2010 - 09:23
CVE-2010-2932 9.3
Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method.
05-08-2010 - 00:00 05-08-2010 - 09:23
CVE-2008-6898 9.3
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecif
13-07-2010 - 01:39 05-08-2009 - 18:30
CVE-2010-2701 9.3
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
13-07-2010 - 00:00 12-07-2010 - 13:30
CVE-2010-2620 9.3
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.
06-07-2010 - 00:00 02-07-2010 - 16:30
CVE-2009-4453 8.8
Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party infor
29-06-2010 - 00:00 29-12-2009 - 15:41
CVE-2010-2505 5.0
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
29-06-2010 - 00:00 28-06-2010 - 14:30
CVE-2010-2439 9.3
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
25-06-2010 - 00:00 24-06-2010 - 13:30
CVE-2010-2440 9.3
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from
25-06-2010 - 00:00 24-06-2010 - 13:30
CVE-2010-0688 9.3
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
23-06-2010 - 00:00 19-03-2010 - 16:30
CVE-2010-2310 5.0
SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.
22-06-2010 - 01:41 16-06-2010 - 16:30
CVE-2010-2305 9.3
Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.
22-06-2010 - 01:41 16-06-2010 - 16:30
CVE-2010-2348 9.3
Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file.
22-06-2010 - 00:00 21-06-2010 - 15:30
CVE-2010-2349 5.0
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
22-06-2010 - 00:00 21-06-2010 - 15:30
CVE-2010-2321 9.3
Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file.
21-06-2010 - 00:00 18-06-2010 - 12:30
CVE-2010-2329 9.3
Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.
21-06-2010 - 00:00 18-06-2010 - 16:30
CVE-2010-2331 9.3
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.
21-06-2010 - 00:00 18-06-2010 - 16:30
CVE-2010-2263 5.0
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
18-06-2010 - 01:36 15-06-2010 - 10:04
CVE-2010-1296 9.3
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
18-06-2010 - 01:35 27-05-2010 - 15:30
CVE-2010-2311 9.3
Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name.
17-06-2010 - 00:00 16-06-2010 - 16:30
CVE-2010-2266 5.0
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
15-06-2010 - 00:00 15-06-2010 - 10:04
CVE-2010-1465 9.3
Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.
07-06-2010 - 00:00 16-04-2010 - 15:30
CVE-2010-2115 5.0
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
01-06-2010 - 00:00 28-05-2010 - 16:30
CVE-2010-2091 4.3
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive in
28-05-2010 - 00:00 27-05-2010 - 15:30
CVE-2010-2102 10.0
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
28-05-2010 - 00:00 27-05-2010 - 18:30
CVE-2010-2028 10.0
Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode.
26-05-2010 - 00:00 24-05-2010 - 15:30
CVE-2010-2031 7.2
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
26-05-2010 - 00:00 24-05-2010 - 15:30
CVE-2010-1597 9.3
Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing an entry with a long filename.
30-04-2010 - 00:00 29-04-2010 - 12:30
CVE-2009-4781 7.2
TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.
22-04-2010 - 00:00 21-04-2010 - 10:30
CVE-2008-5180 5.0
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
15-04-2010 - 01:27 20-11-2008 - 10:30
CVE-2010-1349 10.0
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
13-04-2010 - 00:00 12-04-2010 - 14:30
CVE-2009-4089 5.0
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComm
31-03-2010 - 01:39 29-11-2009 - 08:07
CVE-2009-4088 6.8
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute a
31-03-2010 - 01:39 29-11-2009 - 08:07
CVE-2010-1174 5.0
Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information.
30-03-2010 - 00:00 29-03-2010 - 15:30
CVE-2010-1044 7.5
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
23-03-2010 - 09:39 22-03-2010 - 21:00
CVE-2010-0718 4.3
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
01-03-2010 - 00:00 26-02-2010 - 14:30
CVE-2010-0679 9.3
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argum
23-02-2010 - 00:00 22-02-2010 - 16:30
CVE-2010-0665 5.0
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
22-02-2010 - 00:00 19-02-2010 - 12:30
CVE-2010-0459 7.5
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
29-01-2010 - 00:00 28-01-2010 - 15:30
CVE-2009-4452 6.8
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:F
30-12-2009 - 00:00 29-12-2009 - 15:41
CVE-2009-4367 6.8
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clea
22-12-2009 - 00:00 21-12-2009 - 11:30
CVE-2009-4097 9.3
Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party informat
19-12-2009 - 01:59 29-11-2009 - 08:08
CVE-2009-4194 6.0
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are
04-12-2009 - 00:00 03-12-2009 - 14:30
Back to Top Mark selected
Back to Top