All Vulnerabilities

Microsoft SQL Server 'sa' Login With 'Null' Password Vulnerability
 Date Published:  05 Oct 2016
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
GNU Wget Arbitrary Commands Execution Vulnerability (CVE-2016-4971)
 Date Published:  05 Oct 2016
An arbitrary file overwrite vulnerability exists in GNU Wget. The vulnerability is due to Wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request a file over HTTP and sending an HTTP redirect to an FTP location hosting a malicious file intended to overwrite a user file such as .bashrc or .wgetrc. Upon successful exploitation, the commands contained in the downloaded file will be executed.
GlassFish Java EE Application Server Arbitrary File Read Vulnerability
 Date Published:  05 Oct 2016
The Administration Console of Oracle GlassFish Server is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to access sensitive data on the target server.
Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4275)
 Date Published:  05 Oct 2016
Adobe Flash Player is prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288)
 Date Published:  05 Oct 2016
Microsoft Internet Explorer is prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
RealNetworks Helix Server and Helix Mobile Server are prone to a remote heap buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application or cause a denial-of-service condition.
A local privilege escalation vulnerability was discovered in Microsoft Windows. It allows normal users to gain administrator privileges.
ElasticSearch Snapshot API Directory Traversal Vulnerability (CVE-2015-5531)
 Date Published:  05 Oct 2016
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
 Date Published:  05 Oct 2016
Adobe Flash Player is prone to a heap overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.