Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X . A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...

Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access, can fully compromise the device by performing a firmware...

Allen Bradley Micrologix 1400 Series B Ethernet Card Malformed Packet Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one...

coTURN server unsafe telnet admin portal default configuration vulnerability

Summary An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server...

Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the...

Memcached Server Update Remote Code Execution Vulnerability

Summary Multiple integer overflows in processbinupdate function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3...

Foscam IP Video Camera webService 9299.org DDNS Client Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...

CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability

Summary An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap...

Schneider Electric Modicon M580 UMAS Read Memory Block Out Of Bounds Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS memory block read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted UMAS request can cause an out of bounds read, resulting in disclosure of sensitive...

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

Yi Technology Home Camera 27US Firmware Update Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...

Yi Technology Home Camera 27US p2p_tnp cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Yi Technology Home Camera 27US 1.8.7.0D Product URLs...

Anker Roav A1 Dashcam Wifi AP Default Credential Vulnerability

Summary An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. Tested Versions Anke...

VMware Workstation 14 Shader Functionality Assert Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 14. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text form to trigger this vulnerability. This vulnerability can ...

Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability

Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...

Yi Technology Home Camera 27US Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. Tested Versions...

Microsoft WindowsCodecs.dll SniffAndConvertToWideString information leak vulnerability

Summary An exploitable memory leak vulnerability exists in the SniffAndConvertToWideString function of WindowsCodecs.dll 10.0.17134.1. A specially crafted JPEG file can cause the library to return uninitialized memory, resulting in an information leak. An a victim would have to interact with a...

Intel Unified Shader Compiler for Intel Graphics Accelerator Pointer Corruption

Summary An exploitable pointer corruption vulnerability exists in the Intel’s Unified Shader Compiler for IntelR Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause a pointer corruption resulting in at least denial of service or, if exploited successfully, code executio...

Insteon Hub MPFS Upload Firmware Update Vulnerability

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

Yi Technology Home Camera 27US QR Code Base64 Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability...

Sophos HitmanPro.Alert hmpalert 0x222000 kernel memory disclosure vulnerability

Summary An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP...

Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in the Intel’s Unified Shader Compiler for IntelR Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text...

Novatek NT9665X HTTP Upload Firmware Update Vulnerability

Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version “RoavA1SWV1.9”. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT...

Sophos HitmanPro.Alert hmpalert 0x2222CC privilege escalation vulnerability

Summary An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can...

Atlantis Word Processor Word Document Complex Piece Descriptor Table Fc.Compressed Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim ...

Yi Technology Home Camera 27US Firmware 7z CRC Collision Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this...

Linksys ESeries multiple OS command injection vulnerabilities

Summary Multiple exploitable operating system command injections exist in the Linksys ESeries line of routers. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an...

Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability

Summary An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

Foxit PDF Reader JavaScript getPageNumWords remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

Yi Technology Home Camera 27US QR Code trans_info Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability...

Atlantis Word Processor Office Open XML uninitialized TTableRow code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

Yi Technology Home Camera 27US cloudAPI SSID Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerabilit...

coTURN Administrator Web Portal SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server...

Atlantis Word Processor Word document paragraph property (0xD608) sprmTDefTable uninitialized length code execution vulnerability

Summary An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a...

Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial Of Service

Summary An exploitable denial of service vulnerability exists in the Intel’s Unified Shader Compiler for IntelR Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text...

Shimo VPN helper tool deleteConfig denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...

Yi Technology Home Camera 27US CRCDec denial-of-service vulnerability

Summary An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

Foxit PDF Reader Javascript importDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability

Summary An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope...

Yi Technology Home Camera 27US nonce reuse authentication bypass vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to...

Yi Technology Home Camera 27US notice_to denial-of-service vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

Foxit PDF Reader JavaScript getPageBox remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

MKVToolNix MKVINFO read_one_element code execution vulnerability

Summary A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV matroska file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. Tested Versions MKVToolNix mkvinfo v25.0.0 ‘Prog Noir’ 64-bit Product URLs...

Foxit PDF Reader JavaScript getPageNthWord remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick t...

Foxit PDF Reader JavaScript getNthFieldName remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

Foxit PDF Reader Javascript removeDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

Foxit PDF Reader JavaScript this.event.target Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

Foxit PDF Reader JavaScript getPageRotation remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...