Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2021/04/13 12:0 a.m.258 views

OpenClinic GA unauthenticated command injection vulnerability

Summary An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially...

10CVSS9.9AI score0.02894EPSS
Exploits1
Talos
Talos
added 2019/10/17 12:0 a.m.257 views

YouPHPTube /objects/commentAddNew.json.php comments_id SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

9.9CVSS8.9AI score0.01389EPSS
Exploits1
Talos
Talos
added 2017/06/19 12:0 a.m.255 views

Foscam C1 Webcam FTP Hard Coded Password Vulnerability

Summary Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Tested Versions Foscam C1 Firmware Version...

9.8CVSS9.4AI score0.02645EPSS
Exploits1
Talos
Talos
added 2017/04/28 12:0 a.m.252 views

Randombit Botan Library X509 Certificate Validation Bypass Vulnerability

Summary A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...

6.8CVSS6.6AI score0.05741EPSS
Exploits4
Talos
Talos
added 2021/04/13 12:0 a.m.251 views

OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page

Summary An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...

8.8CVSS7.9AI score0.01037EPSS
Exploits1
Talos
Talos
added 2021/04/08 12:0 a.m.245 views

Rukovoditel Project Management App SQL injection vulnerability in the 'forms_fields_rules/rules' page

Summary An exploitable SQL injection vulnerability exists in the ‘formsfieldsrules/rules’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...

8.8CVSS7.4AI score0.01507EPSS
Exploits1
Talos
Talos
added 2020/12/08 12:0 a.m.245 views

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability

Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...

7.5CVSS8.1AI score0.01882EPSS
Exploits1
Talos
Talos
added 2018/11/20 12:0 a.m.245 views

Atlantis Word Processor open document format unchecked NewAnsiString length remote code execution vulnerability

Summary An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

8.8CVSS8AI score0.01279EPSS
Exploits1
Talos
Talos
added 2021/04/08 12:0 a.m.243 views

Rukovoditel Project Management App application SQL injection vulnerability in the 'access_rules/rules_form' page

Summary An exploitable SQL injection vulnerability exists in the ‘‘accessrules/rulesform’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...

8.8CVSS7.3AI score0.01507EPSS
Exploits1
Talos
Talos
added 2018/11/20 12:0 a.m.243 views

Atlantis Word Processor Huffman table code length remote code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...

8.8CVSS7.9AI score0.01426EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.242 views

Advantech R-SeeNet telnet_form.php Reflected XSS vulnerability

Summary Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can...

9.6CVSS6.8AI score0.12293EPSS
Exploits1
Talos
Talos
added 2021/04/08 12:0 a.m.242 views

Rukovoditel Project Management App application SQL injection vulnerability in the 'global_lists/choices' page

Summary An exploitable SQL injection vulnerability exists in ‘globallists/choices’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...

8.8CVSS7.3AI score0.01507EPSS
Exploits1
Talos
Talos
added 2017/06/30 12:0 a.m.241 views

Invincea Dell Protected Workspace Protection Bypass

Summary Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additonal insufficient checks allow any application to turn off some of the protection mechanisms provided by the...

7.8CVSS7.7AI score0.00614EPSS
Exploits2
Talos
Talos
added 2018/11/20 12:0 a.m.236 views

Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must...

8.8CVSS7.8AI score0.01006EPSS
Exploits1
Talos
Talos
added 2017/04/19 12:0 a.m.236 views

ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability

Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...

8.1CVSS8.4AI score0.0339EPSS
Exploits2
Talos
Talos
added 2019/01/28 12:0 a.m.231 views

WIBU-SYSTEMS WibuKey network server management WkbProgramLow remote code execution vulnerability

Summary An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet ...

10CVSS9.9AI score0.34329EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.227 views

Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS Release PLC Reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to invalidate a session without...

9.8CVSS9.7AI score0.29575EPSS
Exploits1
Talos
Talos
added 2020/10/30 12:0 a.m.225 views

Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability

Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...

7.1CVSS6.3AI score0.01297EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.225 views

Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability

Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...

9.8CVSS9.7AI score0.03808EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.223 views

Shimo VPN helper tool code-signing privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully...

8.8CVSS8.1AI score0.00443EPSS
Exploits1
Talos
Talos
added 2016/08/11 12:0 a.m.222 views

AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...

7.5CVSS7.4AI score0.29398EPSS
Exploits1
Talos
Talos
added 2023/03/16 12:0 a.m.221 views

Ghost Foundation node-sqlite3 code execution vulnerability

Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...

9.8CVSS9.2AI score0.02356EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.220 views

Apple macOS SMB server create file request uninitialized memory disclosure

Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...

5.9CVSS7.2AI score0.01641EPSS
Exploits0
Talos
Talos
added 2019/06/10 12:0 a.m.219 views

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

9.8CVSS9.9AI score0.08161EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.216 views

Advantech R-SeeNet ssh_form.php Reflected XSS vulnerability

Summary Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide...

9.6CVSS6.8AI score0.14115EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.215 views

Atlassian Jira CSRF Protections Bypass Vulnerability

Summary An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker controlling a subdomain different that the Jira hosting subdomain enables cookie injection and control of the CSRF header token. An attacker can create a cookie and submit CSRF attacks on behalf of a logged-in...

6.5CVSS6.6AI score0.01175EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.215 views

Schneider Electric Modicon M580 UMAS function code 0x6d multiple denial-of-service vulnerabilities

Summary Multiple denial-of-service vulnerabilities exist in the UMAS protocol functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. Specially crafted UMAS commands can cause the device to enter a non-recoverable fault state, resulting in...

7.5CVSS8.1AI score0.03614EPSS
Exploits1
Talos
Talos
added 2021/05/28 12:0 a.m.212 views

Linux Kernel Arm SIGPAGE information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1243 Linux Kernel Arm SIGPAGE information disclosure vulnerability May 28, 2021 CVE Number CVE-2021-21781 SUMMARY An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...

4CVSS5.5AI score0.00529EPSS
Exploits1
Talos
Talos
added 2020/04/19 12:0 a.m.212 views

Synology DSM AppArmor synosearchagent misconfiguration vulnerability

Summary A misconfiguration exists in AppArmor’s synosearchagent profile of Synology DSM 6.2.3 25426 DS120j. A specially crafted kernel module can be loaded, leading to a bypass of AppArmor’s restrictions. An attacker can use insmod to trigger this vulnerability. Tested Versions Synology DSM 6.2.3...

8.2CVSS7.5AI score0.00513EPSS
Exploits1
Talos
Talos
added 2021/05/19 12:0 a.m.211 views

Google Chrome AudioDelayDSPKernel::ProcessKRate heap-based buffer overflow vulnerability

Summary An exploitable heap-based buffer overflow vulnerability exists in the Google Chromium browser affecting at least versions 89.0.4383.0 64-bit and 90.0.4390.0 64-bit. A specially crafted HTML web page can cause a heap-based Buffer Overflow condition, resulting in a remote code execution. Th...

8.8CVSS8.9AI score0.0191EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.211 views

Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...

7.5CVSS7.6AI score0.02298EPSS
Exploits1
Talos
Talos
added 2019/09/17 12:0 a.m.209 views

Aspose.PDF for C++ Remote Code Execution Vulnerability

Summary An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free . An attacker can send a malicious PDF to trigger this vulnerability...

8.8CVSS9.1AI score0.02061EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.208 views

Kepware LinkMaster Service privilege escalation vulnerability

Talos Vulnerability Report TALOS-2020-1147 Kepware LinkMaster Service privilege escalation vulnerability December 16, 2020 CVE Number CVE-2020-13535 Summary A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite...

9.3CVSS8.1AI score0.0066EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.207 views

Schneider Electric Modicon M580 UMAS strategy transfer denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS strategy transfer functionality of the Schneider Electric Modicon M580 programmable automation controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a recoverable fault state,...

7.5CVSS7.8AI score0.03289EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.207 views

Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability

Summary An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...

9.8CVSS9.9AI score0.35039EPSS
Exploits1
Talos
Talos
added 2017/11/13 12:0 a.m.206 views

Foscam IP Video Camera UPnP Discovery Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs ...

7.5CVSS6AI score0.00818EPSS
Exploits3
Talos
Talos
added 2017/10/31 12:0 a.m.206 views

Cesanta Mongoose DNS Query Compressed Name Pointer Denial Of Service

Summary An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over network to trigger this vulnerability...

7.8CVSS7.3AI score0.01428EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.205 views

Schneider Electric Modicon M580 UMAS memory block read denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block read function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

7.5CVSS7.7AI score0.03289EPSS
Exploits1
Talos
Talos
added 2019/06/04 12:0 a.m.204 views

Jenkins Artifactory Plugin information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...

4.3CVSS4.4AI score0.01825EPSS
Exploits1
Talos
Talos
added 2019/02/14 12:0 a.m.204 views

AutoDesk AutoCAD 2019 LinetypeTableRecord Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019. A specially crafted DXF file can cause a use-after-free vulnerability, resulting in code execution. Tested Versions AutoDesk AutoCAD 2019 P.46.0.0 Product URLs...

7.8CVSS7.8AI score0.01644EPSS
Exploits0
Talos
Talos
added 2018/04/19 12:0 a.m.203 views

SAP BPC Web Application Information Disclosure Vulnerability

Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...

5.5CVSS6.9AI score0.01192EPSS
Exploits0
Talos
Talos
added 2017/10/31 12:0 a.m.202 views

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability

Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...

8CVSS7AI score0.00973EPSS
Exploits2
Talos
Talos
added 2023/01/10 12:0 a.m.200 views

Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1586 Asus RT-AX82U getIFTTTTtoken.cgi authentication bypass vulnerability January 10, 2023 CVE Number CVE-2022-35401 SUMMARY An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A...

9CVSS8.2AI score0.20849EPSS
Exploits1
Talos
Talos
added 2018/03/01 12:0 a.m.199 views

Dovecot IMAP Server rfc822_parse_domain Information Leak Vulnerability

Summary An exploitable out of bounds read vulnerability exists in the RFC822 parser as implemented in Dovecot IMAP Server 2.2.33.2. A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosu...

7.1CVSS6.6AI score0.17572EPSS
Exploits0
Talos
Talos
added 2020/06/10 12:0 a.m.198 views

WAGO PFC 200 Web-Based Management (WBM) Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the Web-Based Management WBM functionality of WAGO PFC 200 03.03.1015. A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigg...

9CVSS7.6AI score0.02056EPSS
Exploits0
Talos
Talos
added 2017/02/01 12:0 a.m.198 views

McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability

Summary An exploitable blind sql injection vulnerability exists within McAfee’s ePolicy Orchestrator 5.3.0 that is accessible without authentication. A specially crafted HTTP post can allow an aggressor to alter a sql query which can result in disclosure of information within the database or...

10CVSS9.4AI score0.05749EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.197 views

Schneider Electric Modicon M580 UMAS write system bits and blocks denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS write system bits and blocks functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a...

7.5CVSS7.6AI score0.02236EPSS
Exploits1
Talos
Talos
added 2021/05/06 12:0 a.m.195 views

Foxit Reader FileAttachment annotation use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...

8.8CVSS8.9AI score0.01765EPSS
Exploits1
Talos
Talos
added 2019/12/03 12:0 a.m.195 views

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

7.8CVSS7.9AI score0.00734EPSS
Exploits1
Talos
Talos
added 2018/06/19 12:0 a.m.195 views

Insteon Hub PubNub "cc" Channel Message Handler Multiple Stack Overflow Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An...

9.7AI score
Exploits0
Total number of security vulnerabilities2224