2224 matches found
GPAC Project Advanced Content MPEG-4 Decoding multiple integer addition overflow vulnerabilities
Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer...
Foxit Reader JavaScript media openPlayer type confusion vulnerability
Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...
Investintech Able2Extract Professional BMP decoding biClrUsed code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending t...
YouPHPTube Encoder base64Url multiple command injections
Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...
Aspose Aspose.Words for C++ EnumMetaInfo Code Execution Vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words for C++, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malforme...
Foscam IP Video Camera devMng Multi-Camera Port 10000 Command 0x0002 Username Field Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. Tested Versions...
SDL_image XPM image color code code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow,...
CUJO Smart Firewall dhcpd.conf verified boot bypass
Summary An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this...
Mozilla Firefox MediaCacheStream::NotifyDataReceived use-after-free vulnerability
Summary A potential remote code execution vulnerability exists in the MediaCacheStream::NotifyDataReceived method of Mozilla Firefox 89.0.3 x64. A specially-crafted web page can cause a use-after-free vulnerability potentially resulting in a code execution. A victim needs to visit a malicious...
ProcessMaker sort parameter multiple SQL Injection Vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions ProcessMaker 3.4.11...
Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities
Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...
Synology DSM findhostd unencrypted credentials disclosure vulnerability
Summary An information disclosure vulnerability exists in the findhostd authentication functionality of Synology DSM 6.2.3 25426 DS120j. Using an application e.g. Synology Assistant can lead to information disclosure of administrator credentials. An attacker can sniff network traffic to trigger...
Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities
Talos Vulnerability Report TALOS-2020-1108 Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities September 23, 2020 CVE Number CVE-2020-13503, CVE-2020-13504, CVE-2020-13505, CVE-2020-13521 Summary Multiple SQL injection vulnerabilities exists in the...
CUJO Smart Firewall safe browsing Host header-parsing firewall bypass vulnerability
Summary An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The “Host” header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit...
Milesight UR32L vtysh_ubus sprintf pattern buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1716 Milesight UR32L vtyshubus sprintf pattern buffer overflow vulnerabilities July 6, 2023 CVE Number...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests ...
E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability
Summary A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Test...
Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...
Jenkins Ansible Tower Plugin information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the testTowerConnection function of the Jenkins Ansible Tower Plugin 0.9.1. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of thi...
VMware Workstation 15 vertex shader functionality denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted vertex shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware gues...
IOBit Advanced SystemCare Ultimate Privileged I/O Read vulnerabilities
Summary An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive...
WAGO e!COCKPIT file path improper input validation vulnerability
Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...
WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service
Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...
Aspose Aspose.Cells for C++ LabelSst Code Execution Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells for C++ 19.1.0. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Network Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Synology SRM dnsExit DDNS provider information disclosure vulnerability
Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...
Synology SRM QuickConnect authentication Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27649 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect authentication functionality of Synology SRM...
Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1511 Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability July 27, 2022 CVE Number CVE-2022-26376 SUMMARY A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and...
Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability
Summary A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a...
W1.fi hostapd CAM table denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CA...
SDL_image PCX Image Code execution Vulnerability
Summary An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
PowerISO DMG File Format Handler memory corruption vulnerability
Summary A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the curre...
Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability
Summary A code execution vulnerability exists in the WebAudio blink::AudioNodeOutput::Pull functionality of Google Chrome 90.0.4405.0 Build 64-bit and 88.0.4324.146 Official version 64-bit. A specially crafted web page can lead to use after free. An attacker could exploit this vulnerability by...
OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...
Intel IGC64.DLL shader functionality ATOMIC_ADD code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
Aspose.PDF for C++ parent generation remote code execution vulnerability
Summary An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger thi...
Blynk inc. Blynk-Library BlynkProtocol<Transp>::processInput() information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. Tested...
Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability
SUMMARY An exploitable out of bounds write exists in the handling of BMP images on Apple OS X and iOS. A crafted BMP document can lead to an out of bounds write resulting in remote code execution. Vulnerability can be triggered via a saved BMP file delivered by other means when opened in any...
Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...
Intuit Quicken Deluxe 2018 for Mac Password Protection Authentication Bypass Vulnerability
Summary An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data withou...
NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Talos Vulnerability Report TALOS-2015-0069 NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability October 21, 2015 CVE Number CVE-2015-7871 Summary Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker’s choosing...
CODESYS Development System ObjectManager.plugin ProfileInformation.ProfileData Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file ...
Pixar Renderman Install Helper Privilege Escalation Vulnerability
Summary A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0’s Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful...
Foscam IP Video Camera CGIProxy.fcgi SoftAP Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability
Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...
Reolink RLC-410W "update" firmware checks firmware update vulnerability
Summary A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...
Shimo VPN helper tool writeConfig privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...
Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability
Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...