
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Adobe Reader where a malformed Portable Document Format file with embedded JavaScript assigns more data to an array than it declares.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to bypass the check of whether a given object is an array by wrapping an object with the CrossSite class to replace the vtable of the object. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Lotus Notes LZH Attachment Viewer. If the lzh Header Field is less than 0x13, an integer underflow occurs. This value is later used by memcpy, causing a stack buffer overflow. Successful exploitation could result in execution of arbitrary code or abnormal termination of Lotus Notes.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits one of five cross-site scripting vulnerabilities in HP OpenView Network Node Manager via an HTTP GET request.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits the upgrade script in Movable Type 4.2x and 4.3x to gain remote code execution on the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the Microsoft Internet Explorer and Edge browsers. Specifically, if a font element's lang attribute is set to a string, and then its node value is set to null, the string is freed. A later reference to this lang attribute results in a use-after-free condition. An attacker can use this attack to disclose memory information that can...

CVSS: 5.7 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

This strike exploits a file deletion vulnerability within the Novell iPrint Client ActiveX control. If the CleanupUploadFiles method is called, it deletes the files in the ziPFilePath parameter without any validation of the parameter. In this attack the folder named removeme will be deleted from C:\.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability inside an ActiveX control within Image Viewer. If an overly long string is passed to the TIFMergeMultiFiles method, a buffer can overflow, allowing for remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a memory corruption vulnerability in Microsoft Office Excel. The vulnerability is due to improper parsing of Publisher records in Excel files. This vulnerability can lead to arbitrary code execution in the context of the current user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow in the Server Message Block implementation in the Samba server. If a Security ID SubAuthorityCount is greater than 15, the buffer will overflow.

This strike sends a malware sample detected by McAfee as PWS-Zbot.gen.ael, Microsoft as Worm:Win32/Gamarue.I, Kaspersky as HEUR:Trojan.Win32.Generic, Symantec as Packed.Generic.382, and Bitdefender as Gen:Variant.Kazy.77674. The MD5 hash of this sample is 0d01d2ae07ebbb8dc1b9d208dfda01fa.