TippingPoint Zero Day Initiative
 

Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by our own DVLabs researchers. A list of published advisories discovered by TippingPoint's DVLabs research group is available from:

ZDI Advisories: 2015   |   2014   |   2013   |   2012   |   2011   |   2010   |   2009   |   2008   |   2007   |   2006   |   2005

ZDI-15-107 CVE: CVE-2015-2284 Published: 2015-03-13
SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability
ZDI-15-106 CVE: CVE-2015-0443 Published: 2015-03-13
(0Day) Oracle Data Quality LoaderWizard Module Unloading Remote Code Execution Vulnerability
ZDI-15-105 CVE: CVE-2015-0444 Published: 2015-03-13
(0Day) Oracle Data Quality LoaderWizard SetEntities Type Confusion Remote Code Execution Vulnerability
ZDI-15-104 CVE: CVE-2015-0445 Published: 2015-03-13
(0Day) Oracle Data Quality DscXB onloadstatechange Use-After-Free Remote Code Execution Vulnerability
ZDI-15-103 CVE: CVE-2015-0446 Published: 2015-03-13
(0Day) Oracle Data Quality LoaderWizard DataPreview Type Confusion Remote Code Execution Vulnerability
ZDI-15-102 CVE: CVE-2015-0043 Published: 2015-03-12
Microsoft Internet Explorer SVG marker Use-After-Free Remote Code Execution Vulnerability
ZDI-15-101 CVE: CVE-2014-7889 Published: 2015-03-12
Hewlett-Packard POS USB Line Display OPOS Drivers OPOSLineDisplay.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-100 CVE: CVE-2014-7895 Published: 2015-03-12
Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSCashDrawer.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-099 CVE: CVE-2014-7893 Published: 2015-03-12
Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSCheckScanner.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-098 CVE: CVE-2014-7892 Published: 2015-03-12
Hewlett-Packard POS Keyboard OPOS Drivers OPOSMSR.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-097 CVE: CVE-2014-7888 Published: 2015-03-12
Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSMICR.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-096 CVE: CVE-2014-7894 Published: 2015-03-12
Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSPOSPrinter.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-095 CVE: CVE-2014-7891 Published: 2015-03-12
Hewlett-Packard POS Keyboard OPOS Drivers OPOSPOSKeyboard.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-094 CVE: CVE-2014-7890 Published: 2015-03-12
Hewlett-Packard POS Keyboard OPOS Drivers opostoneindicator.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-093 CVE: CVE-2014-7912 Published: 2015-03-12
(Mobile Pwn2Own) Google Android DHCP Parsing Remote Code Execution Vulnerability
ZDI-15-092 CVE: CVE-2014-7914 Published: 2015-03-12
(Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability
ZDI-15-091 CVE: CVE-2014-9205 Published: 2015-03-12
MICROSYS PROMOTIC Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-090 CVE: CVE-2015-0982 Published: 2015-03-12
Schneider Electric DS-NVs Rvctl.RVControl.1 SetText Remote Code Execution Vulnerability
ZDI-15-089 CVE: CVE-2015-1230 Published: 2015-03-12
Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability
ZDI-15-088 CVE: CVE-2015-0085 Published: 2015-03-12
Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability
ZDI-15-087 CVE: CVE-2015-0341 Published: 2015-03-12
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
ZDI-15-086 CVE: CVE-2015-0096 Published: 2015-03-11
Microsoft Windows .LNK DLL Planting Remote Code Execution Vulnerability
ZDI-15-085 CVE: CVE-2014-6329 Published: 2015-03-10
Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability
ZDI-15-084 CVE: CVE-2015-1624 Published: 2015-03-10
Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability
ZDI-15-083 CVE: CVE-2015-1623 Published: 2015-03-10
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
ZDI-15-082 CVE: CVE-2015-1622 Published: 2015-03-10
Microsoft Internet Explorer CGeneratedContent::UnWrapContent Out-Of-Bound Write Remote Code Execution Vulnerability
ZDI-15-081 CVE: CVE-2015-0100 Published: 2015-03-10
Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
ZDI-15-080 CVE: CVE-2015-0099 Published: 2015-03-10
Microsoft Internet Explorer BuildAnimation Memory Corruption Remote Code Execution Vulnerability
ZDI-15-079 CVE: CVE-2015-0077 Published: 2015-03-10
Microsoft Windows NtUserfnINSTRINGNULL Information Leak Vulnerability
ZDI-15-078 CVE: CVE-2015-0094 Published: 2015-03-10
Microsoft Windows NtUserfnINOUTNCCALCSIZE Information Leak Vulnerability
ZDI-15-077 CVE: CVE-2015-0056 Published: 2015-03-10
Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-076 CVE: CVE-2015-0081 Published: 2015-03-10
Microsoft Windows Text Services Out-Of-Bounds Memory Access Remote Code Execution Vulnerability
ZDI-15-075 CVE: CVE-2015-1626 Published: 2015-03-10
Microsoft Internet Explorer CInputContext Use-After-Free Remote Code Execution Vulnerability
ZDI-15-074 CVE: CVE-2015-2094 Published: 2015-02-27
(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 SaveSiteImage Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-073 CVE: CVE-2015-2094 Published: 2015-02-27
(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 StopSiteAllChannel Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-072 CVE: CVE-2015-2094 Published: 2015-02-27
(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 PlaySiteAllChannel Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-071 CVE: CVE-2015-2094 Published: 2015-02-27
(0Day) WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 PrintSiteImage Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-070 CVE: CVE-2015-2095 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 SetConnectInfo Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-069 CVE: CVE-2015-2096 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 Connect Method Use-After-Free Remote Code Execution Vulnerability
ZDI-15-068 CVE: CVE-2015-2097 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 LoadImageEx Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-067 CVE: CVE-2015-2100 Published: 2015-02-27
(0Day) WebGate Control Center WESPDiscovery.WESPDiscoveryCtrl.1 TCPDiscovery Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-066 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 OpenDVrSSite Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-065 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteName Property Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-064 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteChannel Property Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-063 CVE: CVE-2015-2099 Published: 2015-02-27
(0Day) WebGate Control Center WESPPlayback.WESPPlaybackCtrl.1 GetThumbnail Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-062 CVE: CVE-2015-2097 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPSerialPort.WESPSerialPortCtrl.1 Connect Method Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-061 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPTZ.WESPPTZCtrl.1 Connect/ConnectEx Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-060 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 AudioOnlySiteChannel Property Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-059 CVE: CVE-2015-2097 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 LoadImage Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-058 CVE: CVE-2015-2098 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPEvent.WESPEventCtrl.1 Connect/ConnectEx/ConnectEx2 Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-057 CVE: CVE-2015-2100 Published: 2015-02-27
(0Day) WebGate eDVR Manager WESPDiscovery.WESPDiscoveryCtrl.1 TCPDiscovery Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-056 CVE: CVE-2015-2099 Published: 2015-02-27
(0Day) WebGate Control Center LoginContoller.LoginControllerCtrl.1 Login Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-055 CVE: CVE-2015-2099 Published: 2015-02-27
(0Day) WebGate Control Center FileConverter.FileConverterCtrl.1 GetRecFileInfo Stack and Heap Buffer Overflow Remote Code Execution Vulnerabilities
ZDI-15-054 CVE: CVE-2015-2093 Published: 2015-02-27
(0Day) WebGate WebEyeAudio.OCX Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-053 CVE: CVE-2015-2092 Published: 2015-02-27
(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability
ZDI-15-052 CVE: Published: 2015-02-27
(0Day) Microsoft Word Line Formatting Denial of Service Vulnerability
ZDI-15-051 CVE: CVE-2015-2061 Published: 2015-02-27
PTC Creo View Heap Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-050 CVE: CVE-2014-6369 Published: 2015-02-25
Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability
ZDI-15-049 CVE: CVE-2015-1605 Published: 2015-02-20
Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability
ZDI-15-048 CVE: CVE-2015-1605 Published: 2015-02-20
Dell ScriptLogic Asset Manager GetClientPackage SQL Injection Remote Code Execution Vulnerability
ZDI-15-047 CVE: CVE-2015-0331 Published: 2015-02-19
Adobe Flash HLS Playlist Use-After-Free Remote Code Execution Vulnerability
ZDI-15-046 CVE: CVE-2014-9375 Published: 2015-02-13
Lexmark Markvision Enterprise LibraryFileUploadServlet Remote Code Execution Vulnerability
ZDI-15-045 CVE: CVE-2015-0314 Published: 2015-02-10
Adobe Flash Player BitmapFilter Invalid Object Corruption Remote Code Execution Vulnerability
ZDI-15-044 CVE: CVE-2015-1500 Published: 2015-02-10
SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl graphManager.load Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-043 CVE: CVE-2015-1501 Published: 2015-02-10
SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Remote Code Execution Vulnerability
ZDI-15-042 CVE: CVE-2015-1500 Published: 2015-02-10
SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-041 CVE: CVE-2015-1499 Published: 2015-02-10
Samsung Security Manager ActiveMQ Broker Service DELETE Method Denial of Service Vulnerability
ZDI-15-040 CVE: CVE-2014-9200 Published: 2015-02-10
Schneider Electric SoMove Lite IsObjectModel RemoveParameter Remote Code Execution Vulnerability
ZDI-15-039 CVE: CVE-2015-1498 Published: 2015-02-10
Persistent Systems Client Automation Remote Elevation of Privilege Vulnerability
ZDI-15-038 CVE: CVE-2015-1497 Published: 2015-02-10
(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability
ZDI-15-037 CVE: CVE-2015-1496 Published: 2015-02-10
Motorola Scanner SDK ScannerService.exe Privilege Escalation Vulnerability
ZDI-15-036 CVE: CVE-2015-1496 Published: 2015-02-10
Motorola Scanner SDK rsmdriverproviderservice.exe Privilege Escalation Vulnerability
ZDI-15-035 CVE: CVE-2015-1496 Published: 2015-02-10
Motorola Scanner SDK CoreScanner.exe Privilege Escalation Vulnerability
ZDI-15-034 CVE: CVE-2015-1495 Published: 2015-02-10
Motorola Scanner SDK OPOSScale.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-033 CVE: CVE-2015-1495 Published: 2015-02-10
Motorola Scanner SDK OPOSSCANNER.ocx Open Method Remote Code Execution Vulnerability
ZDI-15-032 CVE: CVE-2014-6354 Published: 2015-02-10
Microsoft Internet Explorer CSVGSVGElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-031 CVE: CVE-2015-1044 Published: 2015-02-10
VMware Workstation Authorization Service Denial-of-Service Vulnerability
ZDI-15-030 CVE: CVE-2015-0058 Published: 2015-02-10
Microsoft Windows win32k.sys Dangling Pointer Privilege Escalation Vulnerability
ZDI-15-029 CVE: CVE-2015-0053 Published: 2015-02-10
Microsoft Internet Explorer UnitValueProperty Uninitialized Pointer Remote Code Execution Vulnerability
ZDI-15-028 CVE: CVE-2015-0046 Published: 2015-02-10
Microsoft Internet Explorer Type Confusion Information Disclosure Vulnerability
ZDI-15-027 CVE: CVE-2015-0045 Published: 2015-02-10
Microsoft Internet Explorer CLineFull Use-After-Free Remote Code Execution Vulnerability
ZDI-15-026 CVE: CVE-2015-0044 Published: 2015-02-10
Microsoft Internet Explorer CTableLayout Out-of-Bounds Memory Access Remote Code Execution Vulnerability
ZDI-15-025 CVE: CVE-2015-0043 Published: 2015-02-10
Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability
ZDI-15-024 CVE: CVE-2015-0042 Published: 2015-02-10
Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability
ZDI-15-023 CVE: CVE-2015-0041 Published: 2015-02-10
Microsoft Internet Explorer CTreePos Double Free Remote Code Execution Vulnerability
ZDI-15-022 CVE: CVE-2015-0040 Published: 2015-02-10
Microsoft Internet Explorer CMapElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-021 CVE: CVE-2015-0038 Published: 2015-02-10
Microsoft Internet Explorer CUListElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-020 CVE: CVE-2015-0037 Published: 2015-02-10
Microsoft Internet Explorer Ptls6::LsFmtText Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-15-019 CVE: CVE-2015-0036 Published: 2015-02-10
Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution Vulnerability
ZDI-15-018 CVE: CVE-2015-0035 Published: 2015-02-10
Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-017 CVE: CVE-2015-0035 Published: 2015-02-10
Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability
ZDI-15-016 CVE: CVE-2015-0031 Published: 2015-02-10
Microsoft Internet Explorer TransNavContext Information Disclosure Vulnerability
ZDI-15-015 CVE: CVE-2015-0027 Published: 2015-02-10
Microsoft Internet Explorer CSS Regions Use-After-Free Remote Code Execution Vulnerability
ZDI-15-014 CVE: CVE-2015-0025 Published: 2015-02-10
Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability
ZDI-15-013 CVE: CVE-2015-0017 Published: 2015-02-10
Microsoft Internet Explorer CAutoRange::ScrollIntoView Use-After-Free Remote Code Execution Vulnerability
ZDI-15-012 CVE: CVE-2015-0003 Published: 2015-02-10
Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability
ZDI-15-011 CVE: CVE-2014-4484 Published: 2015-01-27
Apple Mac OS X DFont Memory Corruption Remote Code Execution Vulnerability
ZDI-15-010 CVE: CVE-2014-8840 Published: 2015-01-27
(Mobile Pwn2Own) Apple iOS SSL Sandbox Bypass Vulnerability
ZDI-15-009 CVE: CVE-2014-4477 Published: 2015-01-27
(Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability
ZDI-15-008 CVE: CVE-2014-5211 Published: 2015-01-21
Attachmate Reflection FTP Client Stack Buffer Overflow Remote Code Execution Vulnerability
ZDI-15-007 CVE: CVE-2015-0307 Published: 2015-01-21
Adobe Flash Player AVSegmentedSource::getABRProfileInfoAtIndex Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-15-006 CVE: CVE-2014-5005 Published: 2015-01-07
ManageEngine Desktop Central MSP StatusUpdateServlet fileName File Upload Remote Code Execution Vulnerability
ZDI-15-005 CVE: CVE-2014-9188 Published: 2015-01-07
Schneider Electric ProClima MetaDraw ArrangeObjects Remote Code Execution Vulnerability
ZDI-15-004 CVE: CVE-2014-8512 Published: 2015-01-07
Schneider Electric ProClima ATX45 SetBodyAttribute Remote Code Execution Vulnerability
ZDI-15-003 CVE: CVE-2014-8511 Published: 2015-01-07
Schneider Electric ProClima ATX45 SetHtmlFileName Remote Code Execution Vulnerability
ZDI-15-002 CVE: CVE-2014-8514 Published: 2015-01-07
Schneider Electric ProClima MetaDraw ObjLinks Property Remote Code Execution Vulnerability
ZDI-15-001 CVE: CVE-2014-8513 Published: 2015-01-07
Schneider Electric ProClima MetaDraw ObjectOverlappedBy Remote Code Execution Vulnerability