2224 matches found
OpenClinic GA unauthenticated command injection vulnerability
Summary An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially...
YouPHPTube /objects/commentAddNew.json.php comments_id SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...
Foscam C1 Webcam FTP Hard Coded Password Vulnerability
Summary Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Tested Versions Foscam C1 Firmware Version...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
Summary A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...
OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page
Summary An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
Rukovoditel Project Management App SQL injection vulnerability in the 'forms_fields_rules/rules' page
Summary An exploitable SQL injection vulnerability exists in the ‘formsfieldsrules/rules’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...
Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability
Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...
Atlantis Word Processor open document format unchecked NewAnsiString length remote code execution vulnerability
Summary An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...
Rukovoditel Project Management App application SQL injection vulnerability in the 'access_rules/rules_form' page
Summary An exploitable SQL injection vulnerability exists in the ‘‘accessrules/rulesform’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...
Atlantis Word Processor Huffman table code length remote code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...
Advantech R-SeeNet telnet_form.php Reflected XSS vulnerability
Summary Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can...
Rukovoditel Project Management App application SQL injection vulnerability in the 'global_lists/choices' page
Summary An exploitable SQL injection vulnerability exists in ‘globallists/choices’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
Invincea Dell Protected Workspace Protection Bypass
Summary Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additonal insufficient checks allow any application to turn off some of the protection mechanisms provided by the...
Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability
Summary An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must...
ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability
Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...
WIBU-SYSTEMS WibuKey network server management WkbProgramLow remote code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet ...
Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS Release PLC Reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to invalidate a session without...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...
Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability
Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...
Shimo VPN helper tool code-signing privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully...
AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...
Ghost Foundation node-sqlite3 code execution vulnerability
Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...
Apple macOS SMB server create file request uninitialized memory disclosure
Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...
Schneider Electric UnityPro PLC simulator remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...
Advantech R-SeeNet ssh_form.php Reflected XSS vulnerability
Summary Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide...
Atlassian Jira CSRF Protections Bypass Vulnerability
Summary An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker controlling a subdomain different that the Jira hosting subdomain enables cookie injection and control of the CSRF header token. An attacker can create a cookie and submit CSRF attacks on behalf of a logged-in...
Schneider Electric Modicon M580 UMAS function code 0x6d multiple denial-of-service vulnerabilities
Summary Multiple denial-of-service vulnerabilities exist in the UMAS protocol functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. Specially crafted UMAS commands can cause the device to enter a non-recoverable fault state, resulting in...
Linux Kernel Arm SIGPAGE information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1243 Linux Kernel Arm SIGPAGE information disclosure vulnerability May 28, 2021 CVE Number CVE-2021-21781 SUMMARY An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...
Synology DSM AppArmor synosearchagent misconfiguration vulnerability
Summary A misconfiguration exists in AppArmor’s synosearchagent profile of Synology DSM 6.2.3 25426 DS120j. A specially crafted kernel module can be loaded, leading to a bypass of AppArmor’s restrictions. An attacker can use insmod to trigger this vulnerability. Tested Versions Synology DSM 6.2.3...
Google Chrome AudioDelayDSPKernel::ProcessKRate heap-based buffer overflow vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the Google Chromium browser affecting at least versions 89.0.4383.0 64-bit and 90.0.4390.0 64-bit. A specially crafted HTML web page can cause a heap-based Buffer Overflow condition, resulting in a remote code execution. Th...
Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...
Aspose.PDF for C++ Remote Code Execution Vulnerability
Summary An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free . An attacker can send a malicious PDF to trigger this vulnerability...
Kepware LinkMaster Service privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1147 Kepware LinkMaster Service privilege escalation vulnerability December 16, 2020 CVE Number CVE-2020-13535 Summary A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite...
Schneider Electric Modicon M580 UMAS strategy transfer denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS strategy transfer functionality of the Schneider Electric Modicon M580 programmable automation controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a recoverable fault state,...
Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability
Summary An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...
Foscam IP Video Camera UPnP Discovery Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs ...
Cesanta Mongoose DNS Query Compressed Name Pointer Denial Of Service
Summary An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over network to trigger this vulnerability...
Schneider Electric Modicon M580 UMAS memory block read denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block read function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...
Jenkins Artifactory Plugin information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...
AutoDesk AutoCAD 2019 LinetypeTableRecord Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019. A specially crafted DXF file can cause a use-after-free vulnerability, resulting in code execution. Tested Versions AutoDesk AutoCAD 2019 P.46.0.0 Product URLs...
SAP BPC Web Application Information Disclosure Vulnerability
Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...
Circle with Disney Rclient SSH Persistent Remote Access Vulnerability
Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...
Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1586 Asus RT-AX82U getIFTTTTtoken.cgi authentication bypass vulnerability January 10, 2023 CVE Number CVE-2022-35401 SUMMARY An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A...
Dovecot IMAP Server rfc822_parse_domain Information Leak Vulnerability
Summary An exploitable out of bounds read vulnerability exists in the RFC822 parser as implemented in Dovecot IMAP Server 2.2.33.2. A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosu...
WAGO PFC 200 Web-Based Management (WBM) Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web-Based Management WBM functionality of WAGO PFC 200 03.03.1015. A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigg...
McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability
Summary An exploitable blind sql injection vulnerability exists within McAfee’s ePolicy Orchestrator 5.3.0 that is accessible without authentication. A specially crafted HTTP post can allow an aggressor to alter a sql query which can result in disclosure of information within the database or...
Schneider Electric Modicon M580 UMAS write system bits and blocks denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS write system bits and blocks functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a...
Foxit Reader FileAttachment annotation use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...
Shadowsocks-libev ss-manager add_server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Stack Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An...