All Vulnerabilities

Apache Tomcat Limited Directory Traversal Vulnerability (CVE-2015-5174)
 Severity:    
 Date Published:  12 Oct 2016
Directory traversal vulnerability in Apache Tomcat allows remote attackers to read arbitrary files via unspecified vectors related to ServletContext.
Zend Framework SQL Injection Vulnerability (CVE-2016-4861)
 Severity:    
 Date Published:  12 Oct 2016
Zend Framework is prone to an SQL injection vulnerability in the implementation of ORDER BY and GROUP BY in Zend_Db_Select when a combination of SQL expressions and comments is used.
ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477)
 Severity:    
 Date Published:  12 Oct 2016
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Adobe RoboHelp Server Authentication Bypass Vulnerability
 Severity:    
 Date Published:  12 Oct 2016
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
 Severity:    
 Date Published:  12 Oct 2016
A buffer overrun vulnerability was discovered in Microsoft Windows when handling a malformed EMF file, which leads to heap corruption. Successful exploitation of this issue could allow attackers to execute arbitrary code on the system.
ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2776)
 Severity:    
 Date Published:  12 Oct 2016
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
Drupal menupereid SQL Injection Vulnerability
 Severity:    
 Date Published:  05 Oct 2016
SQL injection vulnerability in Drupal 6.22 allows attackers to execute arbitrary SQL commands via unspecified vectors.
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
Microsoft SQL Server 'sa' Login With 'Null' Password Vulnerability
 Severity:    
 Date Published:  05 Oct 2016
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.