All Vulnerabilities

Adobe Connect Cross-site Scripting Vulnerabilities
 Severity:    
 Date Published:  12 Oct 2016
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
LANDesk Management Suite Multiple Remote File Inclusion Vulnerabilities
 Severity:    
 Date Published:  12 Oct 2016
LANDesk Management Suite is vulnerable to multiple remote file inclusion vulnerabilities. The vulnerabilities are due to insufficient input validation in the frm_coremainfrm.aspx, sm_actionfrm.asp and frm_splitfrm.aspx files. Successful exploitation could lead to arbitrary code execution.
Apache Tomcat Limited Directory Traversal Vulnerability (CVE-2015-5174)
 Severity:    
 Date Published:  12 Oct 2016
Directory traversal vulnerability in Apache Tomcat allows remote attackers to read arbitrary files via unspecified vectors related to ServletContext.
Zend Framework SQL Injection Vulnerability (CVE-2016-4861)
 Severity:    
 Date Published:  12 Oct 2016
Zend Framework is prone to an SQL injection vulnerability in the implementation of ORDER BY and GROUP BY in Zend_Db_Select when a combination of SQL expressions and comments is used.
ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477)
 Severity:    
 Date Published:  12 Oct 2016
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Adobe RoboHelp Server Authentication Bypass Vulnerability
 Severity:    
 Date Published:  12 Oct 2016
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
 Severity:    
 Date Published:  12 Oct 2016
A buffer overrun vulnerability was discovered in Microsoft Windows in the handling of a malformed EMF file, which leads to heap corruption. Successful exploitation of this issue could allow attackers to execute arbitrary code on the system.
ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2776)
 Severity:    
 Date Published:  12 Oct 2016
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory. An attacker could use the vulnerability to gain information about the system that could be combined with other attacks to compromise the system.
