All Vulnerabilities

Quest InTrust ArDoc.dll ActiveX Control Remote File Creation
 Severity:    
 Date Published:  11 May 2018
An insecure method in the ARDoc ActiveX Control (ARDoc.dll) can be exploited to overwrite arbitrary files with the contents of exported documents via a call to the "SaveToFile()" method with a specially crafted "bstrFileName" argument. Successful exploitation of this vulnerability allows execution of arbitrary code.
Quest InTrust is prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
A denial-of-service vulnerability exists in PowerDNS Authoritative Server. The vulnerability is due to an error in processing queries with overly long qnames. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted DNS packet to the target application. A successful attack could lead to excessive resources being consumed, resulting in a denial of service condition.
NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
 Severity:    
 Date Published:  11 Jan 2017
A denial of service vulnerability exists in the Windows port of Network Time Foundation's NTP Daemon. An attacker can exploit this vulnerability by sending a large UDP packet to the target server. Successful exploitation results in denial of service conditions on the target server.
NTP Daemon CRYPTO_NAK Denial Of Service Vulnerability (CVE-2016-4957)
 Severity:    
 Date Published:  11 Jan 2017
A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service. Successful exploitation may result in denial-of-service conditions.
A denial-of-service vulnerability has been reported in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server. Successful exploitation attempt may result in denial-of-service condition.
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003)
 Severity:    
 Date Published:  11 Jan 2017
A memory corruption vulnerability exists in Microsoft Office. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform remote code execution in the security context of the current user.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.