TippingPoint Zero Day Initiative
 

Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by our own DVLabs researchers. A list of published advisories discovered by TippingPoint's DVLabs research group is available from:

ZDI Advisories: 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005

ZDI-14-092 CVE: CVE-2014-0506 Published: 2014-04-11
(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability
ZDI-14-091 CVE: CVE-2014-1303 Published: 2014-04-11
(Pwn2Own) Apple Safari Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-090 CVE: CVE-2014-1300 Published: 2014-04-11
(Pwn2Own\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability
ZDI-14-089 CVE: CVE-2014-1715 Published: 2014-04-11
(Pwn2Own) Google Chrome Directory Traversal Sandbox Escape Vulnerability
ZDI-14-088 CVE: CVE-2014-1705 Published: 2014-04-11
(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability
ZDI-14-087 CVE: CVE-2014-1714 Published: 2014-04-11
(Pwn2Own) Google Chrome Clipboard Sandbox Escape Vulnerability
ZDI-14-086 CVE: CVE-2014-1713 Published: 2014-04-11
(Pwn2Own) Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability
ZDI-14-085 CVE: CVE-2014-1514 Published: 2014-04-11
(Pwn2Own) Mozilla Firefox TypedArrayObject Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-14-084 CVE: CVE-2014-1513 Published: 2014-04-11
(Pwn2Own) Mozilla Firefox ArrayBuffer Out-Of-Bounds Read/Write Remote Code Execution Vulnerability
ZDI-14-083 CVE: CVE-2014-1512 Published: 2014-04-11
(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability
ZDI-14-082 CVE: CVE-2014-1511 Published: 2014-04-11
(Pwn2Own) Mozilla Firefox Pop-Up Blocker Bypass Vulnerability
ZDI-14-081 CVE: CVE-2014-1510 Published: 2014-04-11
(Pwn2Own) Mozilla Firefox Privileged Content Loading Remote Code Execution Vulnerability
ZDI-14-080 CVE: CVE-2014-1760 Published: 2014-04-10
Microsoft Internet Explorer CFormatCache<CSvgFormat>::AddRefData Improper Indexing Remote Code Execution Vulnerability
ZDI-14-079 CVE: CVE-2014-1753 Published: 2014-04-10
Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
ZDI-14-078 CVE: CVE-2014-0235 Published: 2014-04-10
Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability
ZDI-14-077 CVE: CVE-2014-0763 Published: 2014-04-10
Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability
ZDI-14-076 CVE: CVE-2014-0764 Published: 2014-04-10
Advantech WebAccess webvact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-075 CVE: CVE-2014-0768 Published: 2014-04-10
Advantech WebAccess webvact.ocx UserName Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-074 CVE: CVE-2014-0767 Published: 2014-04-10
Advantech WebAccess webvact.ocx AccessCode Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-073 CVE: CVE-2014-0766 Published: 2014-04-10
Advantech WebAccess webvact.ocx NodeName2 Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-072 CVE: CVE-2014-0765 Published: 2014-04-10
Advantech WebAccess webvact.ocx GotoCmd Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-071 CVE: CVE-2014-0787 Published: 2014-04-10
WellinTech KingScada AEserver.exe Remote Code Execution Vulnerability
ZDI-14-070 CVE: CVE-2014-0507 Published: 2014-04-08
Adobe Flash Player Regular Expression Stack Overflow Remote Code Execution Vulnerability
ZDI-14-069 CVE: Published: 2014-04-08
Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability
ZDI-14-068 CVE: Published: 2014-04-08
SolarWinds Firewall Security Manager FSMWebService Information Disclosure Vulnerability
ZDI-14-067 CVE: Published: 2014-04-08
SolarWinds Server and Application Monitor VSReport Remote Code Execution Vulnerability
ZDI-14-066 CVE: Published: 2014-04-08
SolarWinds Server and Application Monitor Apex Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-065 CVE: Published: 2014-04-08
SolarWinds Server and Application Monitor C1Chart3D8 Array Indexing Remote Code Execution Vulnerability
ZDI-14-064 CVE: Published: 2014-04-08
SolarWinds Server and Application Monitor wpdlx Remote Code Execution Vulnerability
ZDI-14-063 CVE: CVE-2013-6210 Published: 2014-04-08
HP Unified Functional Testing ExGrid SaveXML Remote Code Execution Vulnerability
ZDI-14-062 CVE: CVE-2014-0285 Published: 2014-04-08
Microsoft Internet Explorer NavigateToBookmark Use-After-Free Remote Code Execution Vulnerability
ZDI-14-061 CVE: CVE-2014-0274 Published: 2014-04-08
Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability
ZDI-14-060 CVE: CVE-2014-2276 Published: 2014-04-08
EMC Connectrix Manager Converged Network Edition inmservlets.war FileUploadController Servlet Information Disclosure Vulnerability
ZDI-14-059 CVE: CVE-2014-0779 Published: 2014-04-03
Schneider-Electric ClearSCADA ServerMain.exe OPF File Parsing Remote Code Execution Vulnerability
ZDI-14-058 CVE: CVE-2014-1486 Published: 2014-04-03
Mozilla Firefox imgRequestProxy Use-After-Free Remote Code Execution Vulnerability
ZDI-14-057 CVE: CVE-2014-1290 Published: 2014-04-03
Apple Mobile Safari isindex Use-After-Free Remote Code Execution Vulnerability
ZDI-14-056 CVE: Published: 2014-04-03
Avaya IP Office one-X Portal Remote Code Execution Vulnerability
ZDI-14-055 CVE: CVE-2013-3706 Published: 2014-04-03
Novell ZENworks Configuration Management PreBoot Service Information Disclosure Vulnerability
ZDI-14-054 CVE: CVE-2014-0774 Published: 2014-04-03
Schneider Electric OPC Factory Server OFS Client Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-053 CVE: CVE-2013-6771 Published: 2014-04-03
Splunk runshellscript echo.sh Remote Code Execution Vulnerability
ZDI-14-052 CVE: CVE-2013-6771 Published: 2014-04-03
Splunk collect file Remote Code Execution Vulnerability
ZDI-14-051 CVE: CVE-2013-4841 Published: 2014-04-03
Hewlett-Packard LeftHand Virtual SAN Appliance dbd_manager libens Unmarshalling Remote Code Execution Vulnerability
ZDI-14-050 CVE: Published: 2014-04-03
McAfee Cloud Identity Manager ExtensionAccessServlet Information Disclosure Vulnerability
ZDI-14-049 CVE: CVE-2014-1251 Published: 2014-04-03
Apple QuickTime clef Atom Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-048 CVE: CVE-2014-1246 Published: 2014-04-03
Apple QuickTime ftab Atom Remote Code Execution Vulnerability
ZDI-14-047 CVE: CVE-2014-1245 Published: 2014-04-03
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
ZDI-14-046 CVE: CVE-2014-1247 Published: 2014-04-03
Apple QuickTime dref Atom Remote Code Execution Vulnerability
ZDI-14-045 CVE: CVE-2014-1244 Published: 2014-04-03
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
ZDI-14-044 CVE: CVE-2014-1243 Published: 2014-04-03
Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability
ZDI-14-043 CVE: CVE-2013-6207 Published: 2014-04-03
Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability
ZDI-14-042 CVE: CVE-2013-6203 Published: 2014-04-03
Hewlett-Packard Application Information Optimizer Remote Code Execution Vulnerability
ZDI-14-041 CVE: CVE-2013-6204 Published: 2014-04-03
Hewlett-Packard Application Information Optimizer Credential Information Disclosure Vulnerability
ZDI-14-040 CVE: CVE-2014-0498 Published: 2014-04-03
Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-039 CVE: CVE-2013-6724 Published: 2014-04-03
IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability
ZDI-14-038 CVE: CVE-2013-5907 Published: 2014-04-03
Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-037 CVE: CVE-2013-5400 Published: 2014-04-03
IBM Platform Symphony DE Auth-Bypass Remote Code Execution Vulnerability
ZDI-14-036 CVE: CVE-2014-0307 Published: 2014-04-03
Microsoft Internet Explorer HtmlLayout Use-After-Free Remote Code Execution Vulnerability
ZDI-14-035 CVE: CVE-2014-0308 Published: 2014-04-03
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
ZDI-14-034 CVE: CVE-2014-0313 Published: 2014-04-03
Microsoft Internet Explorer Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-033 CVE: CVE-2014-0312 Published: 2014-03-20
Microsoft Internet Explorer CSelectElement Use-After-Free Remote Code Execution Vulnerability
ZDI-14-032 CVE: CVE-2014-0299 Published: 2014-03-20
Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability
ZDI-14-031 CVE: CVE-2014-0298 Published: 2014-03-20
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
ZDI-14-030 CVE: CVE-2014-0297 Published: 2014-03-20
Microsoft Internet Explorer CTraversalMarkupPointer Use-After-Free Remote Code Execution Vulnerability
ZDI-14-029 CVE: CVE-2013-0946 Published: 2014-02-13
EMC AlphaStor Library Manager 0x4f Command Remote Code Execution Vulnerability
ZDI-14-028 CVE: CVE-2014-0281 Published: 2014-02-13
Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
ZDI-14-027 CVE: CVE-2014-0289 Published: 2014-02-13
Microsoft Internet Explorer CMarkupPointer Use-After-Free Remote Code Execution Vulnerability
ZDI-14-026 CVE: CVE-2014-0275 Published: 2014-02-13
Microsoft Internet Explorer CAreaElement Use-After-Free Remote Code Execution Vulnerability
ZDI-14-025 CVE: CVE-2014-0274 Published: 2014-02-13
Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability
ZDI-14-024 CVE: CVE-2014-0287 Published: 2014-02-13
Microsoft Internet Explorer CHtmlLayout Use-After-Free Remote Code Execution Vulnerability
ZDI-14-023 CVE: CVE-2014-0286 Published: 2014-02-13
Microsoft Internet Explorer CInputElement Use-After-Free Remote Code Execution Vulnerability
ZDI-14-022 CVE: CVE-2014-0288 Published: 2014-02-13
Microsoft Internet Explorer CDivElement Use-After-Free Remote Code Execution Vulnerability
ZDI-14-021 CVE: CVE-2014-0269 Published: 2014-02-13
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
ZDI-14-020 CVE: CVE-2014-0270 Published: 2014-02-13
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
ZDI-14-019 CVE: CVE-2014-0263 Published: 2014-02-13
Microsoft Direct2D Graphics Component Remote Code Execution Vulnerability
ZDI-14-018 CVE: CVE-2013-6749 Published: 2014-02-13
IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-14-017 CVE: CVE-2013-5387 Published: 2014-02-13
IBM Platform Symphony DE Remote Code Execution Vulnerability
ZDI-14-016 CVE: CVE-2014-0751 Published: 2014-02-13
GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability
ZDI-14-015 CVE: CVE-2014-0750 Published: 2014-02-13
GE Proficy CIMPLICITY gefebt.exe File Upload Remote Code Execution Vulnerability
ZDI-14-014 CVE: CVE-2014-0492 Published: 2014-02-05
Adobe Flash Player Jump Opcode Information Leak Vulnerability
ZDI-14-013 CVE: CVE-2013-5907 Published: 2014-02-05
Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability
ZDI-14-012 CVE: CVE-2013-2826 Published: 2014-02-05
WellinTech KingSCADA KingAlarm & Event KAEManageServer Information Disclosure Vulnerability
ZDI-14-011 CVE: CVE-2013-2827 Published: 2014-02-05
WellinTech KingScada KingGraphic kxClientDownload ActiveX Remote Code Execution Vulnerability
ZDI-14-010 CVE: CVE-2013-6189 Published: 2014-01-29
HP Application Information Optimizer DataDirect OpenAccess GIOP Remote Code Execution Vulnerability
ZDI-14-009 CVE: CVE-2013-6195 Published: 2014-01-10
Hewlett-Packard Data Protector Cell Manager crs.exe Multiple Opcodes Remote Code Execution Vulnerability
ZDI-14-008 CVE: CVE-2013-2347 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability
ZDI-14-007 CVE: CVE-2013-2350 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service rbda Remote Code Execution Vulnerability
ZDI-14-006 CVE: CVE-2013-2345 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service vrda Remote Code Execution Vulnerability
ZDI-14-005 CVE: CVE-2013-2349 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service vbda Remote Code Execution Vulnerability
ZDI-14-004 CVE: CVE-2013-2346 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service rrda Remote Code Execution Vulnerability
ZDI-14-003 CVE: CVE-2013-6194 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service Opcode 42 Remote Code Execution Vulnerability
ZDI-14-002 CVE: CVE-2013-2348 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service Opcode 45 and 46 Remote Code Execution Vulnerability
ZDI-14-001 CVE: CVE-2013-2344 Published: 2014-01-10
Hewlett-Packard Data Protector Backup Client Service RxNtSetup Remote Code Execution Vulnerability