2086 matches found
Netgear NETGEAR 缓冲区错误漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A buffer error vulnerability exists in NETGEAR devices that originates from an authenticated user causing a stack-based buffer overflow. The...
CVE-2021-26236
FastStone Image Viewer v.= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality BITMAPINFOHEADER Structure, 'BitCount' file format field, that will end up corrupting the Structure Exception Handler SEH. Attackers could exploit this issue to...
EulerOS 2.0 SP2 : sox (EulerOS-SA-2021-1359)
According to the versions of the sox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsxvalloc macro that...
CVE-2020-27001
A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this...
CVE-2021-26675
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code...
Security Bulletin: A GNU C Library vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary A GNU C Library vulnerability, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-10029 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by ...
AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation Exploit
/AIX 5.3L /usr/sbin/lquerypv local root privilege escalation =========================================================== AIX5.3L includes a setuid root binary "lquerypv" which contains a stack-based overflow in the handling of -V command line argument. However, prior to the vulnerability being...
TP-Link WDR4300 - Remote Code Execution (Authenticated) Exploit
Exploit Title: TP-Link WDR4300 - Remote Code Execution Authenticated Date: 2020-08-28 Exploit Author: Patrik Lantz Vendor Homepage: https://www.tp-link.com/se/home-networking/wifi-router/tl-wdr4300/ Version: TL-WDR4300, N750 Wireless Dual Band Gigabit Router Tested on: Firmware version 3.13.33 an...
TP-Link WDR4300 - Remote Code Execution (Authenticated)
Exploit Title: TP-Link WDR4300 - Remote Code Execution Authenticated Date: 2020-08-28 Exploit Author: Patrik Lantz Vendor Homepage: https://www.tp-link.com/se/home-networking/wifi-router/tl-wdr4300/ Version: TL-WDR4300, N750 Wireless Dual Band Gigabit Router Tested on: Firmware version 3.13.33 an...
CVE-2020-24646
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-26913
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR5...
PT-2020-6796 · Fortinet · Forticlient +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0.10 and below FortiOS versions 5.6.12 and below Description: The issue is related to a stack-based buffer overflow in the FortiClient NAC daemon fcnacd that can be exploited by a remote attacker authenticated to the SSL VP...
TP-Link WDR4300 Remote Code Execution Exploit
TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit. !/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using...
TP-Link WDR4300 Remote Code Execution
!/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using CVE-2017-13772. Tested on Firmware versions 3.13.33, Build 130618 and 3.14.3 Build 150518, hardware WDR4300 v1 Usage: 1...
CVE-2020-16215
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the applicatio...
PT-2020-14820 · Delta Electronics · Tpeditor
Name of the Vulnerable Software and Affected Versions: Delta Electronics TPEditor versions 1.97 and prior Description: A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this issue may allow an attacker to read or modify...
CVE-2020-15892
The CVE-2020-15892 issue affects D-Link DAP-1520 firmware (pre-1.10b04Beta02) in apply.cgi. The login flow forwards POST values to an ssi binary, and client-side validation limits the password to 15 chars, which can be bypassed. An attacker intercepting a login POST and modifying the vulnerable p...
CVE-2020-12497
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...
Stack overflow
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...
CVE-2020-12497 Phoenix Contact Automation Worx <= 1.87: stack-based overflow
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...