Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...

Vulnerability Spotlight: Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two new vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert... This is on...

Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s... This i...

Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a... This i...

Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file...

Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure

Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted...

Threat Source newsletter (Sept. 19, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the summer. Gone are the early Fridays, beach vacations and days by the pool. Turns out, attackers m...

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2image library, which is used for loading images in different...

Vulnerability Spotlight: VMWare Workstation DoS Vulnerability

Today, Cisco Talos is disclosing a vulnerability in VMware Workstation that could result in denial of service. VMware Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently...