Talos: most viewed

2223 matches found

Talos | added 2018/10/01 12:00 a.m. | 499 views

Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02577 | Exploits: 0

Talos | added 2018/10/01 12:00 a.m. | 498 views

Foxit PDF Reader JavaScript page change remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.4 | EPSS 0.02848 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 498 views

Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155 | Exploits: 1

Talos | added 2018/10/02 12:00 a.m. | 491 views

Adobe Acrobat Reader DC collab review server remote code execution vulnerability

Summary: Specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20040. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...

CVSS 9.3 | AI score 7.8 | EPSS 0.04833 | Exploits: 0

Talos | added 2018/10/01 12:00 a.m. | 486 views

Foxit PDF Reader JavaScript field object isDefaultChecked remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 484 views

Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.5 | EPSS 0.03197 | Exploits: 1

Talos | added 2017/06/30 12:00 a.m. | 477 views

Dell Precision Optimizer Local Privilege Escalation Vulnerability

Summary: An exploitable DLL hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious DLL file located in one of the directories pointed to by the PATH environment variable will lead to privilege...

CVSS 7.8 | AI score 7.5 | EPSS 0.01166 | Exploits: 2

Talos | added 2017/06/19 12:00 a.m. | 469 views

Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability

Summary: An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...

CVSS 8.8 | AI score 9.2 | EPSS 0.07802 | Exploits: 2

Talos | added 2016/09/30 12:00 a.m. | 467 views

Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability

Summary: An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...

CVSS 9.8 | AI score 0.3 | EPSS 0.14834 | Exploits: 2

Talos | added 2024/09/11 12:00 a.m. | 443 views

Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability

Talos Vulnerability Report TALOS-2024-1980. Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability. September 11, 2024. CVE Number: CVE-2024-38257. Summary: An information disclosure vulnerability exists in the AllJoyn Router Service in Microsoft Windows 10 version...

CVSS 7.5 | AI score 8.4 | EPSS 0.04469 | Exploits: 0

Talos | added 2018/03/28 12:00 a.m. | 434 views

Allen Bradley Micrologix 1400 Series B SNMP-Set Processing Incorrect Behavior Order Denial of Service Vulnerability

Summary: An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power...

CVSS 7.5 | AI score 6.1 | EPSS 0.29398 | Exploits: 1

Talos | added 2019/05/13 12:00 a.m. | 425 views

Anker Roav A1 Dashcam HTTP Path Overflow Code Execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...

CVSS 8.8 | AI score 8.3 | EPSS 0.00707 | Exploits: 0

Talos | added 2020/04/27 12:00 a.m. | 390 views

Linux Kernel /proc/pid/syscall information disclosure vulnerability

Summary: An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...

CVSS 5.5 | AI score 5.5 | EPSS 0.011 | Exploits: 1

Talos | added 2021/04/21 12:00 a.m. | 369 views

Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability

Summary: An out-of-bounds write vulnerability exists in the Obj.cpp load_obj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...

CVSS 8.8 | AI score 7.6 | EPSS 0.01467 | Exploits: 1

Talos | added 2019/11/15 12:00 a.m. | 356 views

OpenWrt ustream-ssl certificate verification information leak vulnerability

Talos Vulnerability Report TALOS-2019-0893. OpenWrt ustream-ssl certificate verification information leak vulnerability. November 15, 2019. CVE Number: CVE-2019-5101, CVE-2019-5102. Summary: An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and...

CVSS 5.9 | AI score 5.3 | EPSS 0.00781 | Exploits: 2

Talos | added 2018/11/19 12:00 a.m. | 356 views

TP-Link TL-R600VPN HTTP server ping address remote code execution vulnerability

Summary: An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to...

CVSS 8.8 | AI score 8.2 | EPSS 0.02917 | Exploits: 1

Talos | added 2019/01/02 12:00 a.m. | 340 views

Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability

Summary: An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...

CVSS 7.1 | AI score 5.9 | EPSS 0.00309 | Exploits: 0

Talos | added 2018/11/19 12:00 a.m. | 337 views

TP-Link TL-R600VPN HTTP server information disclosure vulnerability

Summary: An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an...

CVSS 7.5 | AI score 7.7 | EPSS 0.53297 | Exploits: 1

Talos | added 2018/03/28 12:00 a.m. | 334 views

Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability

Summary: An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an...

CVSS 7.5 | AI score 5.9 | EPSS 0.02679 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 333 views

Atlantis Word Processor empty TTableRow TList code execution vulnerability

Summary: An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01458 | Exploits: 1

Talos | added 2023/03/21 12:00 a.m. | 332 views

Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability

Talos Vulnerability Report TALOS-2022-1595. Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability. March 21, 2023. CVE Number: CVE-2022-38452. Summary: A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A...

CVSS 8.8 | AI score 8.1 | EPSS 0.02089 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 331 views

Atlantis Word Processor JPEG length underflow code execution vulnerability

Summary: An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00889 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 330 views

Atlantis Word Processor document endnote reference code execution vulnerability

Summary: An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis word processor. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bound...

CVSS 8.8 | AI score 8 | EPSS 0.0128 | Exploits: 1

Talos | added 2021/07/15 12:00 a.m. | 328 views

Advantech R-SeeNet ping.php OS Command Injection vulnerability

Summary: An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...

CVSS 10 | AI score 9.8 | EPSS 0.69631 | Exploits: 1

Talos | added 2019/10/30 12:00 a.m. | 325 views

YouPHPTube /objects/video.php getVideo search code execution vulnerability

Summary: An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the “VideoTags” plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could...

CVSS 8.9 | AI score 8.6 | EPSS 0.01527 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 319 views

Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability

Summary: An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. Tested Version...

CVSS 7.8 | AI score 7.6 | EPSS 0.01202 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 319 views

Atlantis Word Processor Windows Enhanced Metafile Code Execution Vulnerability

Summary: An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01021 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 311 views

Foxit PDF Reader JavaScript this.bookmarkRoot.children remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.2 | EPSS 0.06043 | Exploits: 1

Talos | added 2019/06/10 12:00 a.m. | 309 views

Schneider Electric Modicon M580 UMAS write system coils and holding registers denial-of-service vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the UMAS write system coils and holding registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a...

CVSS 7.5 | AI score 7.7 | EPSS 0.01582 | Exploits: 1

Talos | added 2017/03/09 12:00 a.m. | 308 views

Apple OS X and iOS x509 certificate parsing Name Constraints Remote Code Execution Vulnerability

Summary: An exploitable use-after-free vulnerability exists in the x509 certificate validation functionality in Apple macOS Sierra 10.12.3 release and 10.12.4 public beta versions and iOS 10.2.1. A specially crafted x509 certificate can trigger a use-after-free vulnerability potentially resulting ...

CVSS 9.3 | AI score 8.9 | EPSS 0.03019 | Exploits: 0

Talos | added 2018/10/01 12:00 a.m. | 306 views

Foxit PDF Reader JavaScript this.info multiple remote code execution vulnerabilities

Summary: A total of six separate use-after-free vulnerabilities exist in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker...

CVSS 8 | AI score 8.1 | EPSS 0.02895 | Exploits: 0

Talos | added 2020/02/11 12:00 a.m. | 302 views

Microsoft Office Excel Ordinal43 code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in Excel in Microsoft Office Professional Plus 2016 x86, version 1909, build 12026.20334 and Microsoft Office 365 ProPlus x86, version 1902, build 11328.20480. A specially crafted XLS file can cause a use after free condition, resulting i...

CVSS 9.3 | AI score 8.9 | EPSS 0.15168 | Exploits: 0

Talos | added 2019/10/08 12:00 a.m. | 302 views

Schneider Electric Modicon M580 FTP incomplete firmware update denial-of-service vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the FTP firmware update function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially crafted set of FTP commands can cause the device to enter a recoverable fault state,...

CVSS 4.9 | AI score 5.3 | EPSS 0.00959 | Exploits: 0

Talos | added 2018/07/26 12:00 a.m. | 297 views

Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability

Summary: An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings’ remote servers, which insecurely handle JSON messages, leading to partially controll...

CVSS 8.6 | AI score 8.6 | EPSS 0.01223 | Exploits: 2

Talos | added 2018/11/19 12:00 a.m. | 295 views

TP-Link TL-R600VPN HTTP Server fs directory Remote Code Execution Vulnerability

Summary: An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP...

CVSS 7.2 | AI score 7.6 | EPSS 0.03928 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 291 views

Foxit PDF Reader JavaScript JSON.Stringify this remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02577 | Exploits: 0

Talos | added 2018/10/01 12:00 a.m. | 290 views

Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.5 | EPSS 0.03039 | Exploits: 1

Talos | added 2016/01/19 12:00 a.m. | 290 views

Network Time Protocol Skeleton Key: Symmetric Authentication Impersonation Vulnerability

CERT VU357792. Summary: Symmetric key encryption requires a single trusted key to be specified for each server configuration. A key specified only for one server should only work to authenticate that server; other trusted keys should be refused. Instead we observe that when symmetric key...

AI score 7.9 | Exploits: 0

Talos | added 2019/12/03 12:00 a.m. | 289 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

CVSS 7.5 | AI score 6.6 | EPSS 0.02289 | Exploits: 1

Talos | added 2018/06/12 12:00 a.m. | 286 views

Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability

Summary: An exploitable heap corruption exists in the LoadIntegrityInfo function of wimgapi version 10.0.16299.15 WinBuild.160101.0800. A crafted WIM image can lead to a heap corruption, resulting in direct code execution. Tested Versions WIMGAPI 10.0.16299.15 WinBuild.160101.0800 Product URLs...

CVSS 7.8 | AI score 7.1 | EPSS 0.24706 | Exploits: 1

Talos | added 2018/10/01 12:00 a.m. | 284 views

Foxit PDF Reader JavaScript this.dataObjects remote code execution vulnerability

Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.2 | EPSS 0.06219 | Exploits: 1

Talos | added 2017/11/13 12:00 a.m. | 280 views

Foscam IP Video Camera devMng Multi-Camera Port 10001 Command 0x0064 Empty AuthResetKey Vulnerability

Summary: A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Tested Versio...

CVSS 9.8 | AI score 9.8 | EPSS 0.01902 | Exploits: 2

Talos | added 2019/06/10 12:00 a.m. | 279 views

Schneider Electric Modicon M580 UMAS function code 0x28 denial-of-service vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the UMAS function code 0x28 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

CVSS 7.5 | AI score 7.7 | EPSS 0.01821 | Exploits: 1

Talos | added 2018/11/19 12:00 a.m. | 278 views

TP-Link TL-R600VPN HTTP server denial-of-service vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an...

CVSS 7.5 | AI score 7.4 | EPSS 0.23061 | Exploits: 1

Talos | added 2021/04/13 12:00 a.m. | 268 views

OpenClinic GA web portal multiple SQL injection vulnerabilities in 'listImmoLabels.jsp' page

Summary: A number of exploitable SQL injection vulnerabilities exist in the ‘listImmoLabels.jsp’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...

CVSS 8.8 | AI score 8.1 | EPSS 0.00806 | Exploits: 3

Talos | added 2021/04/13 12:00 a.m. | 267 views

OpenClinic GA web portal SQL injection vulnerability in 'statistics/quickFile.jsp' page

Summary: An exploitable SQL injection vulnerability exists in the ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product...

CVSS 8.8 | AI score 7.9 | EPSS 0.01037 | Exploits: 1

Talos | added 2016/01/19 12:00 a.m. | 265 views

Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability

CERT VU357792. Summary: To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under the assumption that only the recipient of the request packet will...

CVSS 5.3 | AI score 6.8 | EPSS 0.06255 | Exploits: 2

Talos | added 2021/07/15 12:00 a.m. | 263 views

Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities

Summary: Multiple cross-site scripting vulnerabilities exist in the device_graph_page.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits specially crafted URLs, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An...

CVSS 9.6 | AI score 6.8 | EPSS 0.63415 | Exploits: 2

Talos | added 2021/07/15 12:00 a.m. | 261 views

Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability

Summary: A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...

CVSS 9.8 | AI score 8.9 | EPSS 0.03705 | Exploits: 1

Talos | added 2021/04/13 12:00 a.m. | 259 views

OpenClinic GA web portal multiple SQL injection vulnerabilities in 'patientslist.do' page

Summary: A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...

CVSS 8.8 | AI score 8.1 | EPSS 0.00806 | Exploits: 3

Total number of security vulnerabilities: 2223