2224 matches found
Computerinsel Photoline TGA Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability. Teste...
Corel PHOTO-PAINT X8 64-bit TIFF Filter Code Execution Vulnerability
Summary A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger...
R PDF LoadEncoding Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
Iceni Argus PDF Uninitialized WordStyle Color Length Code Execution Vulnerability
Summary An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operatio...
Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0147 Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4292 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2016-0157 Oracle OIT ContentAccess libvsmwkd VwStreamReadRecord Memory Corruption Vulnerability July 19, 2016 CVE Number CVE-2016-3591 Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outsi...
Pidgin MXIT Contact Mood Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0141 Pidgin MXIT Contact Mood Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2373 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0020 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7088 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
Pidgin for Windows URL Handling Remote Code Execution Vulnerability
Talos Vulnerability Report VRT-2013-1003 Pidgin for Windows URL Handling Remote Code Execution Vulnerability January 26, 2014 CVE Number CVE-2013-6486 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of HTTP URL handling. An attacker can supply a...
Wavlink AC3000 nas.cgi set_nas() proftpd Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2053 Wavlink AC3000 nas.cgi setnas proftpd Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39793,CVE-2024-39795,CVE-2024-39794 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionalit...
libigl readMSH improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-1926 libigl readMSH improper array index validation vulnerability May 28, 2024 CVE Number CVE-2024-23948,CVE-2024-23951,CVE-2024-23947,CVE-2024-23950,CVE-2024-23949 SUMMARY Multiple improper array index validation vulnerabilities exist in the readMSH...
Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...
Accusoft ImageGear pictwread heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1760 Accusoft ImageGear pictwread heap-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-35002 SUMMARY A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted...
Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1530 Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-29511 SUMMARY A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_abode_code OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1567 Abode Systems, Inc. iota All-In-One Security Kit web interface utilsetabodecode OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-27804 SUMMARY An os command injection vulnerability exists in the web interface utilsetabodecode...
Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1583 Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35879,CVE-2022-35878,CVE-2022-35881,CVE-2022-35880 SUMMARY Four format string injection vulnerabilities exist in th...
Open Automation Software Platform Engine SecureConfigValues denial of service vulnerability
Summary A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...
Accusoft ImageGear TIFF YCbCr image parser out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.1...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1379 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETRSAKEYREQUEST authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21952 SUMMARY An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the...
Lantronix PremierWave 2050 Web Manager Applications and FsBrowse local file inclusion vulnerability
Summary A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to...
Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information disclose as well as memory corruption which can lead to...
Nest Labs Openweave Weave tool Print-TLV code execution vulnerability
Summary An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted...
Sierra Wireless AirLink ES450 ACEManager Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...
Pixar Renderman Install Helper Arbitrary File Read Privilege Escalation Vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to...
Adobe Acrobat Reader DC Collab newWrStreamToCosObj Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to an object type confusion when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...
Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...
Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to “/MOXALOG.ini, /MOXACFG.ini, o...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...
VMware VNC Dynamic Resolution Request Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the remote management functionality of VMware . A specially crafted set of VNC packets can cause a heap overflow resulting in heap corruption. An attacker can create a VNC session to trigger this vulnerability. Tested Versions Vase,...
Foscam IP Video Camera devMng Multi-Camera Port 10000 Command 0x0000 Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. Tested...
Circle with Disney Goclient SSL TLD MITM Vulnerability
Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
Ledger CLI Account Directive Use-After-Free Vulnerability
Summary An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger th...
Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability
Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability Summary An exploitable use-after-free exists in the PDF parsing functionality of the Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in dire...
Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
AntennaHouse DMC HTMLFilter FillRowFormat Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of AntennaHouse DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...
Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability
Talos Vulnerability Report TALOS-2017-0231 Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability April 21, 2017 Report ID CVE-2016-8717 Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The devic...
Moxa AWK-3131A Web Application Nonce Reuse Vulnerability
Summary An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...
Iceni Argus PDF Font-Encoding GlyphMap Adjustment Code Execution Vulnerability
Summary An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font’s name to a single object within an array of objects. Due to ...
Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability
Summary A use of uninitialized memory vulnerability exists in JPEG image file format decoding code of Adobe Acrobat Reader which ultimately leads to a heap-based buffer overflow which can be abused to achieve remote code execution. A specially crafted PDF file with an embedded JPEG can trigger th...
Aerospike Database Server Index Name Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5TCOMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0145 Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4290 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Apple Image I/O EXR Color Component Remote Code Execution Vulnerability
SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability
SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...
Libgraphite directrun Opcode Handling Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0058 Libgraphite directrun Opcode Handling Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1521 Description An exploitable out-of-bounds read vulnerability exists in the opcode handling functionality of Libgraphite. A specially crafted font...
Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0057 Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable out-of-bounds access vulnerability exists in the bidirectional font handling functionality of Libgraphite. A...
Network Time Protocol Private Mode 'reslist' NULL Pointer Dereference Vulnerability
Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by causing a NULL pointer dereference. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must exist in the restrict list to...
Network Time Protocol ntpq Control Protocol Replay Vulnerability
CERT VU357792 Summary The ntpq protocol is vulnerable to replay attacks. The sequence number being included under the signature fails to prevent replay attacks for two reasons. Commands that don’t require authentication can be used to move the sequence number forward, and NTP doesn’t actually car...
Network Time Protocol ntpq Special Character Filtering Vulnerability
Summary The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Only back slash and forward slash are currently filtered out. There are other special characters that are allowed in the filename which can cause issues during globbing. In additio...