Home arrow Search
Search Keyword exploit
Total 49 results found.

Results 1 - 49 of 49
...ch may allow non-validating tokens to be forged, is due to a flaw in the reset token validation mechanism. Exploitation of this vulnerability may allow an unauthenticated attacker to reset the passwor...

Oracle has released a Security Advisory to address a vulnerability in the WebLogic plug-in for Apache. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to compromise the

US-CERT is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver's

...ing this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch systems or apply workarounds immediately.A number...

Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Mozilla has released Firefox 2.0.0.16 to address two vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition

...0 to address multiple vulnerabilities. These vulnerabilities affect CFNetwork, Kernel, Safari, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain...

...n. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.US-CERT encourages users to review Microsoft Security Advisory 953...

...ing this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch vulnerable systems immediately.US-CERT encourages...

...ility is due to improper handling of malformed data in the Computer Telephony Integration Manager service. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service conditi...

...cker may be able to access non-domain-specific elements from a web page that exists in a different domain. Exploitation of this vulnerability could allow an attacker to capture keystrokes or perform o...

...e or cause a denial-of-service condition. The Security Bulletin also indicates there are reports of active exploitation.US-CERT encourages users to review Adobe Security Bulletin APSB08-15 and apply a...

... the handling of Jumbo Ethernet frames received on a Gigabit network interface configured for inline mode. Exploitation of this vulnerability may allow a remote attacker to trigger a kernel panic and ...

... to an error in the way the authenticator field handles shortened hash message authentication code (HMAC). Exploitation of this vulnerability may allow an attacker to read and modify any SNMP object o...

...c keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct...

.... This vulnerability is due to a buffer overflow condition in the handling of specially-crafted CDF files. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.US-CERT en...

...large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingl...

...ecting HP Software Update. These vulnerabilities are due to insecure methods in multiple ActiveX controls. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code o...

19. ICQ Vulnerability
(News/CERT)
...on in the "Personal Status Manager" feature that occurs when processing specially crafted status messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or c...

...Script engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or c...

...bclamav/spin.c. There are two additional vulnerabilities due to improper handling of ARJ and RAR archives. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute...

US-CERT has seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By

...is due to improper handling of  multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute ar...

... in eDirectory. This vulnerability is caused by improper handling of large LDAP Extended Request messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or c...

...Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, ...

...ulnerability is due to a boundary error within the "AddColumn()" method in the "ListCtrl" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to cause a stack-based buffer ...

...n multiple F-Secure products. These vulnerabilities are caused by improper handling of malformed archives. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or caus...

...low the affected URLs may be unknowingly redirected to malicious websites. These sites may then attempt to exploit web browser vulnerabilities, entice users to download and install malicious code, or ...

...bsites may be unknowingly redirected to a malicious websites. These malicious websites may then attempt to exploit known vulnerabilities for which patches are available but have not yet been applied t...

...ers who visit one of these infected websites may unknowingly execute malicious code. This code attempts to exploit known vulnerabilities for which patches are available but may not have been applied t...

...bilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute...

...ty is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execu...

US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file name

...lows applications running in the guest operating system to access the host operating system's file system. Exploitation of this vulnerability may allow an attacker to circumvent the controls on the gu...

...erability is due to a buffer overflow in the"ExecuteRequest()" method of the "ienipp.ocx" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on a...

US-CERT is aware of reports of multiple vulnerabilities affecting EMC RepliStor. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affe

US-CERT is aware of reports of publicly available exploit code for vulnerabilities in Microsoft Works 6 File Converter. By convincing a user to open a specially crafted Works file, an attacker may be

US-CERT has received information that public exploit information is available for a vulnerability affecting Linux kernels 2.6.17 to 2.6.24.1. These kernel versions contain a buffer overflow vulnerabil

US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited.  These vulnerabilities are exploited through a maliciously crafted PDF file containing a

US-CERT is aware of publicly available exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and

US-CERT is aware of publicly available exploit code for an unpatched vulnerability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigm

...to Java SE 6 containing fixes for 375 bugs, some of which represent security vulnerabilities that could be exploited to cause the complete compromise of an affected system.  US-CERT encourages us...

.... If a user clicks on the link provided, they will be directed to a malicious website that will attempt to exploit a variety of vulnerabilities and install malware onto the user's system.The following...

Microsoft has released a Security Advisory to address a vulnerability in Excel. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of

...isits a compromised site, they are silently re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet ...

US-CERT is aware of a public report stating that working exploit code is available for RealPlayer.  This exploit is reported to affect RealPlayer 11 build 6.0.14.748.US-CERT will provide more inf

...at contains a link to a malicious web site. When the malicious link is followed, the Trojan may attempt to exploit an unpatched vulnerability or continue to rely on social engineering to download and ...

...r to view or alter the system registry on affected systems. These reports also refer to publicly available exploit code for this vulnerability.To help mitigate the security risk, US-CERT recommends th...

...ble to execute arbitrary code without using a vulnerability in Microsoft Access.US-CERT is aware of active exploitation using malicious Microsoft Access databases.To help protect against this type of ...

<< Start < Prev 1 Next > End >>