All Vulnerabilities
Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2015-1632)
Severity:
Date Published:  04 Nov 2016
Elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit this vulnerability by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited this vulnerability could run script in the context of the current user.
Cisco ASA Memory Corruption Vulnerability (CVE-2016-6366)
Severity:
Date Published:  04 Nov 2016
A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-3376)
Severity:
Date Published:  04 Nov 2016
An integer overflow vulnerability was discovered in Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.
Microsoft Windows GDI+ Information Disclosure Vulnerability (CVE-2016-3263)
Severity:
Date Published:  04 Nov 2016
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. An attacker who successfully exploited this vulnerability could use the retrieved information to circumvent Address Space Layout Randomization (ASLR) in Windows, which helps guard against a broad class of vulnerabilities.
Microsoft SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability
Severity:
Date Published:  04 Nov 2016
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
A remote code execution vulnerability exists in WPS Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Trend Micro Threat Intelligence Manager Multiple Remote Code Execution Vulnerabil...
Severity:
Date Published:  26 Oct 2016
Trend Micro Threat Intelligence Manager installs a secure web interface which listens for incoming requests. Several vulnerabilities have been found in the product that would allow a remote attacker to cause the product to execute arbitrary code.
RedHat JBoss Web Application Server Remote Information Disclosure Vulnerability (...
Severity:
Date Published:  26 Oct 2016
RedHat JBoss application server is prone to a remote information disclosure vulnerability. The vulnerability gets exploited by sending malformed HTTP request to the vulnerable software. A successful exploitation of this vulnerability could lead to arbitrary file read on the server.
Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4137)
Severity:
Date Published:  26 Oct 2016
Adobe Flash Player is prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
Microsoft Internet Explorer And Edge Elevation Of Privilege Vulnerability (CVE-20...
Severity:
Date Published:  26 Oct 2016
A privilege escalation vulnerability exists when Microsoft Internet Explorer or Edge fails to properly secure private namespace. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more