Foxit Studio Photo Information Disclosure Vulnerability (CNVD-2020-59776)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. An information disclosure vulnerability exists in the handling of CMP files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59775)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. A remote code execution vulnerability exists in the handling of CR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...

Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59766)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. A remote code execution vulnerability exists in the handling of NEF files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...

Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2020-6107

An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

PT-2020-4374 · Microsoft · Office Excel +1

Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Description: A remote code execution issue exists in Microsoft Excel software due to its failure to properly handle objects in memory. This could allow an attacker to run arbitrary code in the...

PT-2020-4332 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. An attacker who successfully exploits this issue could run arbitrar...

PT-2020-4377 · Microsoft · Office Excel +2

Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Description: A remote code execution issue exists in Microsoft Excel software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of...

Sheng Zhang-Slice App has Denial of Service Vulnerability

Moment is a social chat app. A denial-of-service vulnerability exists in the Zhangsheng-Slice Moment app, which can be exploited by an attacker to cause a running app application to crash...

WarezTheRemote: Turning Remotes into Listening Devices

Television remotes have gotten little attention as a potential attack vector – despite being one of the most common household devices you can find...

CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

Sql injection

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

Authentication flaw

Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO...

CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

SusanTokenERC20 Numeric Error Vulnerability

SusanTokenERC20 is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of SusanTokenERC20. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

CVE-2020-1252

A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and...

CVE-2020-1012

An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based atta...

CVE-2020-0998

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

CVE-2020-0914

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability b...

HELP Digit Error Vulnerability

HELP is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of HELP. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...