2224 matches found
Nitro Pro PDF Javascript XML error handling Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a...
WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...
Accusoft ImageGear JPEG SOFx Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
Accusoft ImageGear BMP bmp_parsing buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the bmpparsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...
Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn’t handled properly, resulting in arbitrary code execution. An attacke...
Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability
Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this...
Foscam IP Video Camera webService oray.com DDNS Client Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
phpGACL template multiple cross-site scripting vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions phpGACL 3.3.7 OpenEMR 5.0.2...
Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability
Summary An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...
Moxa AWK-3131A iw_console Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the iwconsole functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...
CoTURN HTTP Server POST-parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. Tested Versions...
Adobe Acrobat Reader DC Javascript gotoNamedDest information leak vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to information leak when opening a PDF document in Adobe Acrobat Reader DC 2019.021.20048. With careful memory manipulation, this can lead to sensitive information disclose which could be abused when exploiting another vulnerabili...
Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross-Site Scripting Vulnerability
Summary An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on...
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure Vulnerability
Summary An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information,...
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
Summary An exploitable configuration modification vulnerability exists in the control mode mode 6 functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...
Robustel R1510 web_server action endpoints OS command injection vulnerabilities
Summary Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...
Webroot Secure Anywhere IOCTL GetProcessCommand and B_03 out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Webroot Secure Anywhere 21.4 Produ...
Foxit Reader Field OnFocus event use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1068 Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6115 SUMMARY An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro...
Epson EB-1470Ui ESPON Web Control Authentication Bypass Vulnerability
Summary An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can...
NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon hostapd on the NETGEAR N300 WNR2000v5 wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An...
Pixar Renderman IT Display Service 0x69 Command Denial-of-Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...
Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability
Summary A double-Free vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. Tested Versions Simple DirectMedia Lay...
Memcached Server Append/Prepend Remote Code Execution Vulnerability
Summary An integer overflow in the processbinappendprepend function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv...
smallstep Step-CA Certificate Signing authentication bypass vulnerability
Talos Vulnerability Report TALOS-2025-2242 smallstep Step-CA Certificate Signing authentication bypass vulnerability December 17, 2025 CVE Number CVE-2025-44005 SUMMARY An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completi...
Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1528 Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-32573 SUMMARY A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A...
Open Automation Software OAS Platform REST API unauthenticated vulnerability
Summary An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
Adobe Acrobat Reader Javascript event.richValue use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way certain events are handled in Adobe Acrobat Reader 21.007.20091. A specially-crafted javascript code can exploit a use-after-free vulnerability which can lead to arbitrary code execution. User would need to open a malicious file to trigger...
AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities
Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...
Accusoft ImageGear PDF process_fontname stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the PDF processfontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear...
NZXT CAM WinRing0x64 driver IRP 0x9c406144 information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
Microsoft Media Foundation IMFASFSplitter::Initialize Code Execution Vulnerability
Summary An exploitable type confusion vulnerability exists in the mfasfsrcsnk.dll of Microsoft Media Foundation 10.0.18362.207. A specially crafted ASF file can cause type confusion, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
Schneider Electric Modicon M580 UMAS Read System Coils and Registers Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the UMAS Read System Coils and Registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted UMAS command can cause the device to enter a non-recoverab...
Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability
Summary An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub. The hubCore process incorrectly handles malformed files existing in its “data” directory, leading to an infinite loop, which eventually causes...
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability
Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
ACDSee Ultimate 10 IDE_PSD PSD Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this...
Cesanta Mongoose MQTT Payload Length Remote Code Execution
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and...
Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability
Talos Vulnerability Report VRT-2014-0301 Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability March 7, 2014 CVE Number CVE-2014-4115 Description An exploitable local privileged code execution vulnerability exists in the Microsoft Windows FastFAT system driver. The FastFAT system...
Tinyproxy HTTP Connection Headers use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1889 Tinyproxy HTTP Connection Headers use-after-free vulnerability May 1, 2024 CVE Number CVE-2023-49606 SUMMARY A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability
Talos Vulnerability Report TALOS-2023-1858 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability February 6, 2024 CVE Number CVE-2023-47617 SUMMARY A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER72...
Mini-SNMPD decode_int Information Leak Vulnerability
Talos Vulnerability Report TALOS-2019-0976 Mini-SNMPD decodeint Information Leak Vulnerability February 3, 2020 CVE Number CVE-2020-6059 Summary An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request c...
WAGO PFC200 iocheckd service "I/O-Check" ReadPCBManuNum remote code execution vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger...
VMware Fusion 11 Shader Functionality Denial Of Service
Summary An exploitable denial of service vulnerability exists in VMware Fusion 11.1.0 13668589. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware...
Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...
Schneider Electric Modicon M580 FTP firmware update loader service denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update service function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially ordered set of FTP commands can cause the FTP loader service to enter a waiting...
Nouveau Display Driver Remote Denial of Service
Summary A remote denial-of-service vulnerability exists in the way the Nouveau display driver the default Ubuntu Nvidia display driver handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to...
Foscam IP Video Camera webService 3322.net DDNS Client Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
Simple DirectMedia Layer Create RGB Surface Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provid...
Moxa MXView Series Web Application information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Moxa MXView Series 3.2....
Reolink RLC-410W cgiserver.cgi Upgrade API denial of service vulnerability
Summary A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink RLC-410W...