CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

CVE-2018-3833

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2018-1000221

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote that can result in dequote function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to...

CVE-2018-1000223

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility...

Buffer overflow

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility...

CVE-2018-1000223

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility...

CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

Null pointer dereference

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at...

Design/Logic Flaw

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

Sql injection

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

CVE-2018-3937

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this...

Faxploit: Hackers can use Fax machines to inject malware into a targeted network

By Waqas Think twice before sharing your fax number with someone. Many corporations provide their fax number in the contact information page on the websites. After all, it is considered completely harmless to share fax number with other information like the email address or phone number. However,...

Design/Logic Flaw

A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...

CVE-2018-3939

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2018-3881

CVE-2018-3881 affects FocalScope v2416 and earlier: an unauthenticated XML External Entity (XXE) vulnerability that allows a crafted XML payload to cause data disclosure. TALOS details show the vulnerability is triggered via POST to /emm/cros /xlogin.asp with a crafted XML document, demonstrating...

Design/Logic Flaw

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF...