2224 matches found
Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. A...
Microsoft Remote Desktop Services (RDP7) Windows XP Multiple Information Leak Vulnerabilities
Summary Exploitable information leak vulnerabilities exists in the RDP7 implementation of Microsoft’s Remote Desktop Services on Windows XP. Various aspects of the T.128 protocol, such as capability negotiation, can cause an information leak, which can provide an attacker information about the...
Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various paramaters in the...
Computerinsel Photoline PCX Decompress Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow resulting leading to heap buffer overflow resulting in denial of service and potential remote code...
HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0178 HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4332 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage an...
LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0172 LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-4335 Description An exploitable buffer overflow exists in the XLS parsing of the Perspective Document Filters conversion functionality. A...
Adobe Acrobat Reader U3D page event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1842 Adobe Acrobat Reader U3D page event use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-44372 SUMMARY A use-after-free vulnerability exists in the page event processing in Adobe Acrobat Reader 2023.006.20320. A specially crafted Javascript...
Siretta QUARTZ-GOLD httpd delfile.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1606 Siretta QUARTZ-GOLD httpd delfile.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-40701 SUMMARY A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
InHand Networks InRouter302 console support leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1521 InHand Networks InRouter302 console support leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-28689 SUMMARY A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A...
NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXABLE memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader dclindexable functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘companylist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...
Systemd DHCP client denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the...
Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability
Summary An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this...
Microsoft Azure Sphere Normal World application /proc/thread-self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Adobe Acrobat Reader DC Annotation Destroy Remote Code Execution
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...
Microsoft Remote Desktop Services (RDP8) license negotiation denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the RDP8 implementation of Microsoft’s Remote Desktop Services. A certain component of license negotiation can allow a remote client to read an amount of memory that is controlled by the client. Due to this, a client can coerce the...
Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Insteon Hub PubNub "ad" Channel Message Handler Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the PubNub message handler for the “ad” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Computerinsel Photoline PSD Blending Channels Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PSD parsing functionality of Computerinsel Photoline 20.53. A specially crafted PSD document processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PSD document to trigger this...
Computerinsel Photoline TIFF Samples Per Pixel Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Circle with Disney Apid Strstr Authentication Bypass Vulnerability
Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...
FreeRDP Rdp Client License Read Challenge Packet Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...
Foscam IP Video Camera CGIProxy.fcgi Wifi Settings Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data, potentially...
PowerISO ISO Parsing Use After Free
Summary A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability. Tested Versions PowerISO 6.8 6, ...
WolfSSL library X509 Certificate Text Parsing Code Execution Vulnerability
Summary An exploitable off-by-one write vulnerability exists in the x509 certificate parsing functionality of wolfSSL library versions up to 3.10.2. A specially crafted x509 certificate can cause a single out of bounds byte overwrite resulting in potential certificate validation vulnerabilities,...
Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability
Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...
Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the broadcast mode replay prevention functionality of ntpd. To prevent replay of broadcast mode packets, ntpd rejects broadcast mode packets with non-monotonically increasing transmit timestamps. Remote unauthenticated attackers can...
Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0060 Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...
EIP Stack Group OpENer SetAttributeList attribute_count_request out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1662 EIP Stack Group OpENer SetAttributeList attributecountrequest out-of-bounds write vulnerability February 23, 2023 CVE Number CVE-2022-43605 SUMMARY An out-of-bounds write vulnerability exists in the SetAttributeList attributecountrequest functionality of...
Ghost user enumeration vulnerablity
Talos Vulnerability Report TALOS-2022-1625 Ghost user enumeration vulnerablity December 21, 2022 CVE Number CVE-2022-41697 SUMMARY A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of...
InHand Networks InRouter302 console verify leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1520 InHand Networks InRouter302 console verify leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-26023 SUMMARY A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A...
InHand Networks InRouter302 console infactory_wlan command injection vulnerability
Summary An OS command injection vulnerability exists in the console infactorywlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Test...
WPS Office HtmTableAlt use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in WPS Spreadsheets ET as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to...
Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1434 Sound Exchange libsox sphere.c startread heap-based buffer overflow vulnerability March 23, 2022 CVE Number CVE-2021-40426 SUMMARY A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 a...
Sealevel Systems, Inc. SeaConnect 370W MQTTS Certificate Validation vulnerability
Summary A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. Tested Versions Sealevel Systems, Inc. SeaConnect 370...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability
Summary When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
Dream Report ODS Remote Connector privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Dream Report platform privilege escalation vulnerability
Summary Multiple privilege escalation vulnerabilities exist in Dream Report 5 R20-2. A specially crafted executable can cause elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Dream Report 5 R20-2 Product URLs https://dreamreport.net/...
Accusoft ImageGear PSD Header processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.8...
phpGACL database multiple SQL injection vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OpenEMR 5.0.2 OpenEMR development version 6.0.0 commit...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Logical Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1084 Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6146 SUMMARY An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Wh...
WAGO PFC200 Cloud Connectivity TimeoutUnconfirmed Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WA...
Adobe Acrobat Reader DC Javascript Field Name Information Leak
Summary A specific JavaScript code embedded in a PDF file can lead to information leak when opening a PDF document in Adobe Acrobat Reader DC 2019.021.20048. With careful memory manipulation, this can lead to sensitive information disclose which could be abused when exploiting another vulnerabili...
LEADTOOLS libltdic.so DICOM LDicomNet::receive information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger...
Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...