All Vulnerabilities

Adobe RoboHelp Server Authentication Bypass Vulnerability
 Severity:    
 Date Published:  12 Oct 2016
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
 Severity:    
 Date Published:  12 Oct 2016
A buffer overrun vulnerability was discovered in Microsoft Windows in the handling of a malformed EMF file, which leads to heap corruption. Successful exploitation of this issue could allow attackers to execute arbitrary code on the system.
ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2776)
 Severity:    
 Date Published:  12 Oct 2016
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
Drupal menupereid SQL Injection Vulnerability
 Severity:    
 Date Published:  05 Oct 2016
SQL injection vulnerability in Drupal 6.22 allows attackers to execute arbitrary SQL commands via unspecified vectors.
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
Microsoft SQL Server 'sa' Login With 'Null' Password Vulnerability
 Severity:    
 Date Published:  05 Oct 2016
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
GNU Wget Arbitrary Commands Execution Vulnerability (CVE-2016-4971)
 Severity:    
 Date Published:  05 Oct 2016
An arbitrary file overwrite vulnerability exists in GNU Wget. The vulnerability is due to Wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request a file over HTTP and sending an HTTP redirect to an FTP location hosting a malicious file intended to overwrite a user file such as .bashrc or .wgetrc. Upon successful exploitation, the commands contained in the downloaded file will be executed.
GlassFish Java EE Application Server Arbitrary File Read Vulnerability
 Severity:    
 Date Published:  05 Oct 2016
The Administration Console of Oracle GlassFish Server is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to access sensitive data on the target server.