All Vulnerabilities

Microsoft Internet Explorer and Microsoft Edge have an information disclosure vulnerability which discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141)
 Severity:    
 Date Published:  24 Nov 2016
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Samba NDR Parsing Unspecified Multiple Buffer Overflow Vulnerabilities
 Severity:    
 Date Published:  24 Nov 2016
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Apache HTTP Server HTTP Proxy Header Injection Vulnerability (CVE-2016-5387)
 Severity:    
 Date Published:  24 Nov 2016
A traffic redirection vulnerability has been reported in PHP, Go, Apache HTTP Server, Apache Tomcat, HHVM, Lighttpd, Nginx and Python. This vulnerability allows attackers to set the HTTP_PROXY environment variable using the Proxy HTTP header. This vulnerability may be exploited by a remote attacker to redirect traffic through an attacker controlled proxy, potentially leading to a man-in-the-middle attack.
Joomla Topics SQL Injection Vulnerability
 Severity:    
 Date Published:  24 Nov 2016
SQL injection vulnerability in Joomla allows attackers to execute arbitrary SQL commands via unspecified vectors.
Identified Suspicious Command Injection Attack
 Severity:    
 Date Published:  24 Nov 2016
Command injection is an attack technique that allows an attacker to inject and execute commands in the vulnerable application. An attacker can exploit command injection vulnerability with a command sequence appended to the appropriate format or escape string to execute arbitrary commands. Successful exploitation results in a system compromise, disclosure or modification of data.
Identified Suspicious Command Injection Attack
 Severity:    
 Date Published:  24 Nov 2016
Command injection is an attack technique that allows an attacker to inject and execute commands in the vulnerable application. An attacker can exploit command injection vulnerability with a command sequence appended to the appropriate format or escape string to execute arbitrary commands. Successful exploitation results in a system compromise, disclosure or modification of data.
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Multiple elevation of privilege vulnerabilities exist when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerabilities could manipulate files in locations not intended to be available to the user.
Multiple elevation of privilege vulnerabilities exist when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerabilities could manipulate files in locations not intended to be available to the user.

Featured Stories