All Vulnerabilities
WordPress Ultimate Membership Pro Plugin SQL Injection Vulnerability
Severity:
Date Published:  24 Nov 2016
SQL injection vulnerability in WordPress ultimate membership pro plugin allows attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in WordPress Ninja Forms Plugin allows attackers to execute arbitrary SQL commands via unspecified vectors.
WordPress Mobile Detector Plugin Arbitrary File Upload Vulnerability
Severity:
Date Published:  24 Nov 2016
WordPress Mobile Detector Plugin is prone to an arbitrary file upload vulnerability because it fails to properly sanitise user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.
Micro Focus GroupWise Admin Console Cross Site Scripting Vulnerability (CVE-2016-...
Severity:
Date Published:  24 Nov 2016
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)
Severity:
Date Published:  24 Nov 2016
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
Severity:
Date Published:  24 Nov 2016
A remote code execution vulnerability exists in Microsoft Office when the Office software fails to handle objects in memory properly. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE...
Severity:
Date Published:  24 Nov 2016
Microsoft Internet Explorer scripting engine is prone to a use after free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050)
Severity:
Date Published:  24 Nov 2016
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-720...
Severity:
Date Published:  24 Nov 2016
A remote code execution vulnerability exists in the Windows Animation Manager. An attacker who successfully exploited this vulnerability could install programs and view, change and delete data or create new accounts with full user rights.
Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-20...
Severity:
Date Published:  24 Nov 2016
Microsoft Internet Explorer and Microsoft Edge have an information disclosure vulnerability which discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more