All Vulnerabilities

WordPress Ultimate Membership Pro Plugin SQL Injection Vulnerability
 Severity:    
 Date Published:  24 Nov 2016
SQL injection vulnerability in WordPress ultimate membership pro plugin allows attackers to execute arbitrary SQL commands via unspecified vectors.
WordPress Ninja Forms Plugin SQL Injection Vulnerability
 Severity:    
 Date Published:  24 Nov 2016
SQL injection vulnerability in WordPress Ninja Forms Plugin allows attackers to execute arbitrary SQL commands via unspecified vectors.
WordPress Mobile Detector Plugin Arbitrary File Upload Vulnerability
 Severity:    
 Date Published:  24 Nov 2016
WordPress Mobile Detector Plugin is prone to an arbitrary file upload vulnerability because it fails to properly sanitise user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
 Severity:    
 Date Published:  24 Nov 2016
A remote code execution vulnerability exists in Microsoft Office when the Office software fails to handle objects in memory properly. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Internet Explorer scripting engine is prone to a use after free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050)
 Severity:    
 Date Published:  24 Nov 2016
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
A remote code execution vulnerability exists in the Windows Animation Manager. An attacker who successfully exploited this vulnerability could install programs and view, change and delete data or create new accounts with full user rights.
Microsoft Internet Explorer and Microsoft Edge have an information disclosure vulnerability which discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.

Featured Stories