All Vulnerabilities

Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Openssl RSA Downgrade Vulnerability (CVE-2015-0204)
 Severity:    
 Date Published:  11 Jan 2017
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
Ruby On Rails Action View Cross Site Scripting Vulnerability (CVE-2016-6316)
 Severity:    
 Date Published:  11 Jan 2017
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
phpMyAdmin SQL Injection Vulnerability (CVE-2016-6611)
 Severity:    
 Date Published:  11 Jan 2017
phpMyAdmin is prone to a sql-injection vulnerability. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. phpMyAdmin 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8 and 4.0.x versions prior to 4.0.10.17 are vulnerable.
phpMyAdmin Directory Traversal Vulnerability (CVE-2016-6614)
 Severity:    
 Date Published:  11 Jan 2017
phpMyAdmin is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8 and 4.0.x prior to 4.0.10.17 are vulnerable.
Moodle Cross Site Scripting Vulnerability (CVE-2016-9188)
 Severity:    
 Date Published:  11 Jan 2017
Moodle is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Moodle 3.1.2 and prior versions are vulnerable.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
 Severity:    
 Date Published:  11 Jan 2017
An information disclosure vulnerability exists in Microsoft Office when Microsoft Office fails to properly handle office files. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform code execution in the context of the current user.
PHPMailer Remote Code Execution Vulnerabilities
 Severity:    
 Date Published:  11 Jan 2017
PHPMailer prone to a remote code execution vulnerability. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. A Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the web server user and remotely compromise the target web application.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1785)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.

Featured Stories