All Vulnerabilities

  • WordPress WP-EMail Plugin SQL Injection Vulnerability
     Severity:    
     Publish Date:  11 January 2017
    A SQL injection vulnerability has been reported in WordPress WP-EMail Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected website.
  • ISC BIND rndc Control Channel Denial Of Service Vulnerability (CVE-2016-1285)
     Severity:    
     Publish Date:  11 January 2017
    A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of packets sent to the rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the rndc control channel interface of a target BIND server. Successful exploitation could lead to denial-of-service conditions.
  • ISC BIND Long Name Query DOS Vulnerability (CVE-2016-2775)
     Severity:    
     Publish Date:  11 January 2017
    A denial-of-service vulnerability has been reported in ISC BIND's lwresd daemon. The vulnerability is due to a failure to check the query length when using the lightweight resolver protocol. A remote, unauthenticated attacker could exploit this vulnerability by providing a large query name to the lightweight resolver. Successful exploitation could lead to denial-of-service conditions.
  • ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2848)
     Severity:    
     Publish Date:  11 January 2017
    A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing a DNS packet with a malformed options section. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted query to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.
  • ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101)
     Severity:    
     Publish Date:  11 January 2017
    An out-of-bounds read vulnerability exists in ImageMagick's SGI coder when the software fails to parse a crafted image file properly.
  • An out-of-bounds array indexing vulnerability has been reported in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. A remote attacker can exploit this vulnerability by uploading a maliciously crafted file to a vulnerable web service. Successful exploitation could result in arbitrary code execution under the security context of the service using ImageMagick.
  • A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in parsing ASN.1 data that causes libtasn1 to enter an infinite loop when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.
  • Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
     Severity:    
     Publish Date:  11 January 2017
    Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
  • OpenSSL RSA Downgrade Vulnerability (CVE-2015-0204)
     Severity:    
     Publish Date:  11 January 2017
    The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
  • Ruby On Rails Action View Cross Site Scripting Vulnerability (CVE-2016-6316)
     Severity:    
     Publish Date:  11 January 2017
    Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.