All Vulnerabilities

SAP NetWeaver Java AS Multiple XSS Vulnerabilities
 Severity:    
 Date Published:  21 Sep 2016
SAP NetWeaver 7.4 is prone to a cross-site scripting vulnerability. An anonymous attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.
Nagios XI 'nagiosim.php' SQL Injection Vulnerability
 Severity:    
 Date Published:  21 Sep 2016
Nagios XI is prone to a SQL injection vulnerability. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. Successful exploitation could lead to the disclosure of sensitive information from the database such as API keys for administrative users.
Joomla SecurityCheck SQL Injection Vulnerability
 Severity:    
 Date Published:  21 Sep 2016
SQL injection vulnerability in Joomla SecurityCheck extension allows attackers to execute arbitrary SQL commands via unspecified vectors.
Joomla com_threate SQL Injection Vulnerability
 Severity:    
 Date Published:  21 Sep 2016
SQL injection vulnerability in Joomla allows attackers to execute arbitrary SQL commands via unspecified vectors.
A file name information disclosure vulnerability was discovered within Internet Explorer. The issue lies in the fact that Internet Explorer's behavior changes when dealing with URIs that point to existing local files versus URIs that point to non-existent files. It allows malicious pages to enumerate the existence of files in the victim's file system. This vulnerability was triggered only by local pages or ones opened from a network share.
Adobe Flash Player Use After Free Vulnerability (CVE-2016-4227)
 Severity:    
 Date Published:  21 Sep 2016
Adobe Flash Player is prone to a use after free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
 Severity:    
 Date Published:  21 Sep 2016
Microsoft Edge is prone to an unspecified memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
Drupal RESTWS Module Page Callback Remote Code Execution Vulnerability
 Severity:    
 Date Published:  21 Sep 2016
A remote code execution vulnerability exists in RESTWS module for the Drupal. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the web server.
An information disclosure vulnerability exists in Internet Explorer when Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Oracle Database and Enterprise Manager Grid Control is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the application.