TippingPoint Zero Day Initiative
 

Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by security filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by our own DVLabs researchers. A list of published advisories discovered by TippingPoint's DVLabs research group is available from:


ZDI-17-111 CVE: CVE-2017-2939 Published: 2017-02-16
Adobe Acrobat Reader DC Memory Corruption Remote Code Execution Vulnerability
ZDI-17-110 CVE: CVE-2017-2994 Published: 2017-02-14
Adobe Flash Player MediaPlayer Out-Of-Bounds Access Remote Code Execution Vulnerability
ZDI-17-109 CVE: CVE-2017-2995 Published: 2017-02-14
Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability
ZDI-17-108 CVE: CVE-2017-2976 Published: 2017-02-14
Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-107 CVE: CVE-2017-2975 Published: 2017-02-14
Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-106 CVE: CVE-2017-2974 Published: 2017-02-14
Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-105 CVE: CVE-2017-2981 Published: 2017-02-14
Adobe Digital Editions PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-104 CVE: CVE-2017-2978 Published: 2017-02-14
Adobe Digital Editions PDF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-103 CVE: CVE-2017-2979 Published: 2017-02-14
Adobe Digital Editions FlateDecode Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-102 CVE: CVE-2017-2977 Published: 2017-02-14
Adobe Digital Editions FlateDecode Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-101 CVE: Published: 2017-02-07
Trend Micro Control Manager cgiRedAlertStatusTracking SQL Injection Remote Code Execution Vulnerability
ZDI-17-100 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet NotificationMethodResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-099 CVE: Published: 2017-02-07
Trend Micro Control Manager AdHocQuery_Result XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-098 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-097 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet HighRiskDetectionResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-096 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-095 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet StealthProgramFoundResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-094 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet SHA1DenyDetectionResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-093 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet CorrelatedIncidentResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-092 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet DLPIncidentScheduleSummaryResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-091 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet VirtualAnalysisDetectionResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-090 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet KnownAttackDetectionResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-089 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet SuspiciousThreat parameters SQL Injection Remote Code Execution Vulnerability
ZDI-17-088 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL Injection Remote Code Execution Vulnerability
ZDI-17-087 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet EmailMessageDetected parameters SQL Injection Remote Code Execution Vulnerability
ZDI-17-086 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet CnC parameters SQL Injection Remote Code Execution Vulnerability
ZDI-17-085 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet ThreatSentToWatchlistResult SQL Injection Remote Code Execution Vulnerability
ZDI-17-084 CVE: Published: 2017-02-07
Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-083 CVE: Published: 2017-02-07
Trend Micro Control Manager ProductTree_Table XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-082 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet IDTB_ Parameters SQL Injection Remote Code Execution Vulnerability
ZDI-17-081 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet IDTB_GroupName SQL Injection Remote Code Execution Vulnerability
ZDI-17-080 CVE: Published: 2017-02-07
Trend Micro Control Manager TreeUserControl_process_tree_event XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-079 CVE: Published: 2017-02-07
Trend Micro Control Manager ProductTree XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-078 CVE: Published: 2017-02-07
Trend Micro Control Manager CCGIServlet IDCB_SuspiciousThreat SQL Injection Remote Code Execution Vulnerability
ZDI-17-077 CVE: Published: 2017-02-07
Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-076 CVE: Published: 2017-02-07
Trend Micro Control Manager ProductTree_LeftWindow XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-075 CVE: Published: 2017-02-07
Trend Micro Control Manager DeploymentPlan_Event_Handler XML External Entity Processing Information Disclosure Vulnerability
ZDI-17-074 CVE: Published: 2017-02-07
Trend Micro Control Manager ProgressReportCGI SQL Injection Authentication Bypass Vulnerability
ZDI-17-073 CVE: Published: 2017-02-07
Trend Micro Control Manager cgiCMUIDispatcher Login Token SQL Injection Remote Code Execution Vulnerability
ZDI-17-072 CVE: Published: 2017-02-07
Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability
ZDI-17-071 CVE: Published: 2017-02-07
Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability
ZDI-17-070 CVE: Published: 2017-02-07
Trend Micro Control Manager dlp_policy Directory Traversal Remote Code Execution Vulnerability
ZDI-17-069 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-068 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-067 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-066 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-065 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-064 CVE: Published: 2017-02-07
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
ZDI-17-063 CVE: Published: 2017-02-07
Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability
ZDI-17-062 CVE: Published: 2017-02-07
Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability
ZDI-17-061 CVE: Published: 2017-02-07
Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability
ZDI-17-060 CVE: Published: 2017-02-07
Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability
ZDI-17-059 CVE: CVE-2016-8341 Published: 2017-02-07
Ecava IntegraXor getdata param SQL Injection Remote Code Execution Vulnerability
ZDI-17-058 CVE: CVE-2016-8341 Published: 2017-02-07
Ecava IntegraXor getdata name SQL Injection Remote Code Execution Vulnerability
ZDI-17-057 CVE: CVE-2017-3289 Published: 2017-01-24
Oracle Java Uninitialized Memory Remote Code Execution Vulnerability
ZDI-17-056 CVE: CVE-2017-3272 Published: 2017-01-24
Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
ZDI-17-055 CVE: CVE-2017-3248 Published: 2017-01-24
Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-17-054 CVE: CVE-2017-2354 Published: 2017-01-24
Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability
ZDI-17-053 CVE: CVE-2016-2123 Published: 2017-01-20
Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-052 CVE: CVE-2016-8207 Published: 2017-01-20
Brocade Network Advisor CliMonitorReportServlet Directory Traversal Information Disclosure Vulnerability
ZDI-17-051 CVE: CVE-2016-8206 Published: 2017-01-20
Brocade Network Advisor SoftwareImageUpload Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-17-050 CVE: CVE-2016-8205 Published: 2017-01-20
Brocade Network Advisor DashboardFileReceiveServlet Directory Traversal Remote Code Execution Vulnerability
ZDI-17-049 CVE: CVE-2016-8204 Published: 2017-01-20
Brocade Network Advisor FileReceiveServlet Directory Traversal Remote Code Execution Vulnerability
ZDI-17-048 CVE: Published: 2017-01-20
Bitdefender Internet Security NSIS Entries Integer Overflow Remote Code Execution Vulnerability
ZDI-17-047 CVE: Published: 2017-01-20
Bitdefender Internet Security NSIS Pages Integer Overflow Remote Code Execution Vulnerability
ZDI-17-046 CVE: Published: 2017-01-20
Bitdefender Internet Security SIS Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-17-045 CVE: CVE-2017-2970 Published: 2017-01-20
Adobe Reader DC XSLT apply-templates Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-044 CVE: CVE-2016-6814 Published: 2017-01-20
Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-17-043 CVE: CVE-2017-5154, CVE-2017-5152 Published: 2017-01-12
Advantech WebAccess updateTemplate SQL Injection Information Disclosure Vulnerability
ZDI-17-042 CVE: Published: 2017-01-11
Foxit PhantomPDF ConvertToPDF TIFF Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-17-041 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-17-040 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-039 CVE: Published: 2017-01-11
Foxit PhantomPDF ConvertToPDF JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-038 CVE: Published: 2017-01-11
Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability
ZDI-17-037 CVE: Published: 2017-01-11
Foxit Reader Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-036 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-035 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-17-034 CVE: Published: 2017-01-11
Foxit Reader alert Use-After-Free Remote Code Execution Vulnerability
ZDI-17-033 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-032 CVE: Published: 2017-01-11
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-17-031 CVE: CVE-2017-2967 Published: 2017-01-10
Adobe Reader DC XFA template Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-17-030 CVE: CVE-2017-2966 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion TIFF Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-029 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT call-template Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-028 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT element Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-027 CVE: CVE-2017-2963 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-026 CVE: CVE-2017-2962 Published: 2017-01-10
Adobe Reader DC XSLT lang Type Confusion Remote Code Execution Vulnerability
ZDI-17-025 CVE: CVE-2017-2961 Published: 2017-01-10
Acrobat Reader DC XFA Field Font Size Use-After-Free Remote Code Execution Vulnerability
ZDI-17-024 CVE: CVE-2017-2960 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-023 CVE: CVE-2017-2959 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion JPEG Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-022 CVE: CVE-2017-2951 Published: 2017-01-10
Adobe Reader DC XFA hyphenation Use-After-Free Remote Code Execution Vulnerability
ZDI-17-021 CVE: CVE-2017-2950 Published: 2017-01-10
Adobe Reader DC XFA Layout Use-After-Free Remote Code Execution Vulnerability
ZDI-17-020 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT decimal-format Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-019 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT namespace-alias Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-018 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT processing-instruction Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-017 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT function-available Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-016 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT sort Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-015 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT key Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-014 CVE: CVE-2017-2964 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-013 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT key Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-012 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT attribute Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-011 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT attribute-set Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-010 CVE: CVE-2017-2965 Published: 2017-01-10
Adobe Acrobat Pro DC ImageConversion TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-17-009 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT format-number Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-008 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT output Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-007 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT variable Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-006 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT system-property Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-005 CVE: CVE-2017-2949 Published: 2017-01-10
Adobe Reader DC XSLT element-available Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-004 CVE: CVE-2017-2946 Published: 2017-01-10
Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-003 CVE: CVE-2017-2946 Published: 2017-01-10
Adobe Reader DC JPEG2000 Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-17-002 CVE: CVE-2017-2941 Published: 2017-01-10
Adobe Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-17-001 CVE: CVE-2016-8519 Published: 2017-01-10
Hewlett Packard Enterprise Operations Orchestration Backwards Compatibility Deserialization of Untrusted Data Remote Code Execution Vulnerability