All Vulnerabilities

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

A heap corruption vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

An out-of-bounds read vulnerability was discovered within Microsoft Office Excel 2016. Successful exploitation of this issue could allow an attacker to leak sensitive information and bypass memory protections such as ASLR.

A use after free vulnerability was discovered within Microsoft Office. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system.

An elevation of privilege vulnerability exists in Microsoft Windows. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

IBM WebSphere Portal is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM WebSphere Application Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted XML request.

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

Adobe Acrobat and Reader is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.