All Vulnerabilities

A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.
Oracle Database Server SQL Injection Flaw in Oracle Workspace Manager
 Severity:    
 Date Published:  16 Nov 2016
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
A privilege escalation vulnerability exists when Microsoft Internet Explorer or Edge fails to properly secure private namespace. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-6960)
 Severity:    
 Date Published:  16 Nov 2016
Adobe Acrobat and Reader are prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
An information disclosure vulnerability exists in Microsoft Edge Scripting Engine when dealing with different object types. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Microsoft Edge scripting engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
A reflected Cross Site Scripting (XSS) vulnerability exists in the WordPress Network. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
A reflected Cross Site Scripting (XSS) vulnerability has been found in the Appointment Calendar WordPress Plugin. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)
 Severity:    
 Date Published:  09 Nov 2016
An integer overflow vulnerability exists in PHP. The vulnerability is due to an error in reading zip files, causing a heap buffer overflow. A remote attacker can exploit the vulnerability by sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could lead to arbitrary code execution with the privileges of the web server. Failed exploit attempts will likely result in denial-of-service conditions.
NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
 Severity:    
 Date Published:  09 Nov 2016
An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.

Featured Stories