All Vulnerabilities

A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
 Severity:    
 Date Published:  24 Nov 2016
A remote code execution vulnerability exists in Microsoft Office when the Office software fails to handle objects in memory properly. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Internet Explorer scripting engine is prone to a use after free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050)
 Severity:    
 Date Published:  24 Nov 2016
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
A remote code execution vulnerability exists in the Windows Animation Manager. An attacker who successfully exploited this vulnerability could install programs and view, change and delete data or create new accounts with full user rights.
Microsoft Internet Explorer and Microsoft Edge have an information disclosure vulnerability which discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141)
 Severity:    
 Date Published:  24 Nov 2016
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Samba NDR Parsing Unspecified Multiple Buffer Overflow Vulnerabilities
 Severity:    
 Date Published:  24 Nov 2016
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Apache HTTP Server HTTP Proxy Header Injection Vulnerability (CVE-2016-5387)
 Severity:    
 Date Published:  24 Nov 2016
A traffic redirection vulnerability has been reported in PHP, Go, Apache HTTP Server, Apache Tomcat, HHVM, Lighttpd, Nginx and Python. This vulnerability allows attackers to set the HTTP_PROXY environment variable using the Proxy HTTP header. This vulnerability may be exploited by a remote attacker to redirect traffic through an attacker controlled proxy, potentially leading to a man-in-the-middle attack.