All Vulnerabilities
Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-71...
Severity:
Date Published:  16 Nov 2016
An information disclosure vulnerability exists in Microsoft Edge Scripting Engine when dealing with different object types. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7194)
Severity:
Date Published:  09 Nov 2016
Microsoft Edge scripting engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
WordPress Network Setting Page Cross Site Scripting Vulnerability (CVE-2016-6634)
Severity:
Date Published:  09 Nov 2016
A reflected Cross Site Scripting (XSS) vulnerability exists in the WordPress Network. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
WordPress Appointment Calender Plugin Stored Cross Site Scripting Vulnerability
Severity:
Date Published:  09 Nov 2016
A reflected Cross Site Scripting (XSS) vulnerability has been found in the Appointment Calendar WordPress Plugin. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)
Severity:
Date Published:  09 Nov 2016
An integer overflow vulnerability exists in PHP. The vulnerability is due to an error in reading zip files, causing a heap buffer overflow. A remote attacker can exploit the vulnerability by sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could lead to arbitrary code execution with the privileges of the web server. Failed exploit attempts will likely result in denial-of-service conditions.
NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
Severity:
Date Published:  09 Nov 2016
An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.
Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-72...
Severity:
Date Published:  09 Nov 2016
An information disclosure vulnerability exists when the ATMFD component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the affected system.
Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217)
Severity:
Date Published:  09 Nov 2016
A memory corruption vulnerability exists when the Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft Windows Information Disclosure Vulnerability (CVE-2016-7214)
Severity:
Date Published:  09 Nov 2016
An Information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.
Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7246)
Severity:
Date Published:  09 Nov 2016
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.