All Vulnerabilities

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362)
 Severity:    
 Date Published:  15 Sep 2016
A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360)
 Severity:    
 Date Published:  15 Sep 2016
A heap corruption vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359)
 Severity:    
 Date Published:  15 Sep 2016
An out-of-bounds read vulnerability was discovered within Microsoft Office Excel 2016. Successful exploitation of this issue could allow an attacker to leak sensitive information and bypass memory protections such as ASLR.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358)
 Severity:    
 Date Published:  15 Sep 2016
A use after free vulnerability was discovered within Microsoft Office. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system.
Microsoft GDI Elevation Of Privilege Vulnerability (CVE-2016-3355)
 Severity:    
 Date Published:  15 Sep 2016
An elevation of privilege vulnerability exists in Microsoft Windows. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
IBM WebSphere Portal Cross-Site Scripting Vulnerability (CVE-2015-7491)
 Severity:    
 Date Published:  15 Sep 2016
IBM WebSphere Portal is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM WebSphere Application Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
SAP NetWeaver JAVA AS UDDI Component XXE Vulnerability (CVE-2016-4014)
 Severity:    
 Date Published:  15 Sep 2016
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted XML request.
Apache Jetspeed Cross-Site Scripting (XSS) Vulnerability (CVE-2016-0712)
 Severity:    
 Date Published:  15 Sep 2016
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
Adobe Reader DC Memory Corruption Vulnerability (CVE-2016-1077)
 Severity:    
 Date Published:  15 Sep 2016
Adobe Acrobat and Reader is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.

Featured Stories