All Vulnerabilities

  • WordPress Appointment Calender Plugin Stored Cross Site Scripting Vulnerability
     嚴重性:    
     公告日期:  2016年11月9日
    A reflected Cross Site Scripting (XSS) vulnerability has been found in the Appointment Calendar WordPress Plugin. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
  • PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)
     嚴重性:    
     公告日期:  2016年11月9日
    An integer overflow vulnerability exists in PHP. The vulnerability is due to an error in reading zip files, causing a heap buffer overflow. A remote attacker can exploit the vulnerability by sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could lead to arbitrary code execution with the privileges of the web server. Failed exploit attempts will likely result in denial-of-service conditions.
  • NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
     嚴重性:    
     公告日期:  2016年11月9日
    An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.
  • An information disclosure vulnerability exists when the ATMFD component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the affected system.
  • Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217)
     嚴重性:    
     公告日期:  2016年11月9日
    A memory corruption vulnerability exists when the Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
  • Microsoft Windows Information Disclosure Vulnerability (CVE-2016-7214)
     嚴重性:    
     公告日期:  2016年11月9日
    An Information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.
  • Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7246)
     嚴重性:    
     公告日期:  2016年11月9日
    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7215)
     嚴重性:    
     公告日期:  2016年11月9日
    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • A memory corruption vulnerability was discovered in Microsoft Windows. It can be triggered by loading a malformed blf file. Successful exploitation of this issue might lead to local privilege escalation.
  • A memory corruption vulnerability was discovered in Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.