2223 matches found
Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader JavaScript page change remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Adobe Acrobat Reader DC collab review server remote code execution vulnerability
Summary Specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20040. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Foxit PDF Reader JavaScript field object isDefaultChecked remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Dell Precision Optimizer Local Privilege Escalation Vulnerability
Summary An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege...
Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...
Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability
Summary An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...
Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1980 Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability September 11, 2024 CVE Number CVE-2024-38257 SUMMARY An information disclosure vulnerability exists in the AllJoyn Router Service in Microsoft Windows 10 version...
Allen Bradley Micrologix 1400 Series B SNMP-Set Processing Incorrect Behavior Order Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power...
Anker Roav A1 Dashcam HTTP Path Overflow Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...
Linux Kernel /proc/pid/syscall information disclosure vulnerability
Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...
Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Obj.cpp loadobj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
OpenWrt ustream-ssl certificate verification information leak vulnerability
Talos Vulnerability Report TALOS-2019-0893 OpenWrt ustream-ssl certificate verification information leak vulnerability November 15, 2019 CVE Number CVE-2019-5101,CVE-2019-5102 SUMMARY An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and...
TP-Link TL-R600VPN HTTP server ping address remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to...
Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
TP-Link TL-R600VPN HTTP server information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an...
Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability
Summary An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an...
Atlantis Word Processor empty TTableRow TList code execution vulnerability
Summary An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage ...
Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability
Talos Vulnerability Report TALOS-2022-1595 Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability March 21, 2023 CVE Number CVE-2022-38452 SUMMARY A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A...
Atlantis Word Processor JPEG length underflow code execution vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used ...
Atlantis Word Processor document endnote reference code execution vulnerability
Summary An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis word processor. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bound...
Advantech R-SeeNet ping.php OS Command Injection vulnerability
Summary An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
YouPHPTube /objects/video.php getVideo search code execution vulnerability
Summary An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the “VideoTags” plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could...
Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability
Summary An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. Tested Version...
Atlantis Word Processor Windows Enhanced Metafile Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries ...
Foxit PDF Reader JavaScript this.bookmarkRoot.children remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Schneider Electric Modicon M580 UMAS write system coils and holding registers denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS write system coils and holding registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a...
Apple OS X and iOS x509 certificate parsing Name Constraints Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the x509 certificate validation functionality in Apple macOS Sierra 10.12.3 release and 10.12.4 public beta versions and iOS 10.2.1. A specially crafted x509 certificate can trigger a use-after-free vulnerability potentially resulting ...
Foxit PDF Reader JavaScript this.info multiple remote code execution vulnerabilities
Summary A total of six separate use-after-free vulnerabilities exist in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker...
Microsoft Office Excel Ordinal43 code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel in Microsoft Office Professional Plus 2016 x86, version 1909, build 12026.20334 and Microsoft Office 365 ProPlus x86, version 1902, build 11328.20480. A specially crafted XLS file can cause a use after free condition, resulting i...
Schneider Electric Modicon M580 FTP incomplete firmware update denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially crafted set of FTP commands can cause the device to enter a recoverable fault state,...
Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability
Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings’ remote servers, which insecurely handle JSON messages, leading to partially controll...
TP-Link TL-R600VPN HTTP Server fs directory Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP...
Foxit PDF Reader JavaScript JSON.Stringify this remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Network Time Protocol Skeleton Key: Symmetric Authentication Impersonation Vulnerability
CERT VU357792 Summary Symmetric key encryption requires a single trusted key to be specified for each server configuration. A key specified only for one server should only work to authenticate that server, other trusted keys should be refused. Instead we observe that when symmetric key...
Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Summary An exploitable heap corruption exists in the LoadIntegrityInfo function of wimgapi version 10.0.16299.15 WinBuild.160101.0800. A crafted WIM image can lead to a heap corruption, resulting in direct code execution. Tested Versions WIMGAPI 10.0.16299.15 WinBuild.160101.0800 Product URLs...
Foxit PDF Reader JavaScript this.dataObjects remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foscam IP Video Camera devMng Multi-Camera Port 10001 Command 0x0064 Empty AuthResetKey Vulnerability
Summary A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Tested Versio...
Schneider Electric Modicon M580 UMAS function code 0x28 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x28 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...
TP-Link TL-R600VPN HTTP server denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'listImmoLabels.jsp' page
Summary A number of exploitable SQL injection vulnerabilities exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...
OpenClinic GA web portal SQL injection vulnerability in 'statistics/quickFile.jsp' page
Summary An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product...
Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability
CERT VU357792 Summary To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will...
Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the devicegraphpage.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits specially crafted URLs, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An...
Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability
Summary A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'patientslist.do' page
Summary A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...