All Vulnerabilities

Microsoft Windows PDF is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.

An out of bound memory access vulnerability was discovered within Microsoft Office. Successful exploitation of this vulnerability could allow an attacker to leak sensitive information that could be used to bypass memory protections such as ASLR and leverage the attack to execute arbitrary code on the remote system.

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.

Cross-site scripting (XSS) vulnerability in Microsoft Active Directory Federation Services allows remote attackers to inject arbitrary web script or HTML via a crafted request.

Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.

Adobe Acrobat and Reader are prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.

A heap overflow vulnerability exists in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user. Failed exploit attempts will likely result in denial of service states.

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

A remote code execution vulnerability exists in Microsoft Windows Graphics Component when it's improperly handles specially crafted EMF files. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls.