2224 matches found
OS4Ed openSIS GetSchool.php SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...
OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7...
OS4Ed openSIS Modules.php remote code execution vulnerability
Summary A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
OS4Ed openSIS install remote code execution vulnerability
Summary A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.4 Product URLs...
OS4Ed openSIS email parameter SQL injection vulnerability
Summary An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS Validator.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV2 code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MOV2 functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX...
atftpd daemon Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to...
Microsoft Azure Sphere Capability access control privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1133 Microsoft Azure Sphere Capability access control privilege escalation vulnerability August 24, 2020 CVE Number None SUMMARY A privilege escalation vulnerability exists in the Capability access control functionality of Microsoft Azure Sphere 20.06. A set ...
Google Chrome WebGL code execution vulnerability
Summary A use-after-free read vulnerability exists in Google Chrome 81.0.4044.138 Stable, 84.0.4136.5 Dev and 84.0.4143.7 Canary, when a WebGL component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of...
Microsoft Azure Sphere Normal World application READ_IMPLIES_EXEC personality unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.06. A specially crafted shellcode can cause a process’ heap to become executable. An attacker can execute a shellcode that sets the READIMPLIESEXEC personality to...
Microsoft Azure Sphere uid_map UID uniqueness privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the uidmap functionality of Microsoft Azure Sphere 20.06. A specially crafted uidmap file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uidmap file to trigger this...
Microsoft Azure Sphere Normal World application /proc/thread-self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Internet Systems Consortium's BIND TCP Receive Buffer Length Assertion Check Denial of Service Vulnerability
Summary An assertion failure exists within the Internet Systems Consortium’s BIND server versions 9.16.1 through 9.17.1 when processing TCP traffic via the libuv library. Due to a length specified within a callback for the library, flooding the server’s TCP port used for larger DNS requests AXFR...
ERPNext frappe.desk.reportview.get SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...
SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1122 SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability August 4, 2020 CVE Number CVE-2020-13523 SUMMARY An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I...
SoftPerfect RAM Disk spvve.sys 0x222004 arbitrary file deletion vulnerability
Talos Vulnerability Report TALOS-2020-1121 SoftPerfect RAM Disk spvve.sys 0x222004 arbitrary file deletion vulnerability August 4, 2020 CVE Number CVE-2020-13522 SUMMARY An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O...
Microsoft Azure Sphere Normal World application ptrace unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that uses the ptrace system call to...
Microsoft Azure Sphere asynchronous ioctl denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write a shellcode to trigger this vulnerability. Tested Versions Microsoft Azure...
Microsoft Azure Sphere AF_AZSPIO socket memory corruption vulnerability
Summary A memory corruption vulnerability exists in the AFAZSPIO socket functionality of Microsoft Azure Sphere 20.05. A sequence of socket operations can cause a double-free and out-of-bounds read in the kernel. An attacker can write a shellcode to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere mtd character device driver privilege escalation vulnerability
Summary An arbitrary flash write vulnerability exists in the mtd character device driver of Microsoft Azure Sphere 20.06. A specially crafted ioctl can bypass file permissions and allow writes to flash by unauthorized users. An attacker can issue a MEMWRITE ioctl to trigger this vulnerability...
Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1131 Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability July 31, 2020 CVE Number None SUMMARY A privilege escalation vulnerability exists in the ASXipFS inode type functionality of Microsoft Azure Sphere 20.06. A specially crafted...
Microsoft Azure Sphere Normal World application /proc/self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Microsoft Azure Sphere kernel message ring buffer Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the kernel message ring buffer functionality of Microsoft Azure Sphere 20.05. Unprivileged users can access the kernel message ring buffer, which can potentially leak sensitive information, such as kernel or userland memory addresses. An...
freeDiameter freeDiameterd Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2020-1030 freeDiameter freeDiameterd Denial of Service Vulnerability July 28, 2020 CVE Number CVE-2020-6098 SUMMARY An exploitable denial of service vulnerability exists in the freeDiameterd functionality of freeDiameter 1.3.2. A specially crafted Diameter request...
Siemens LOGO! Web Server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality DCL_OUTPUT Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be...
Intel IGC64.DLL shader functionality DCL_INDEXABLETEMP code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality RESOURCE Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be...
Intel IGC64.DLL shader functionality ATOMIC_ADD code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
Intel IGC64.DLL Shader Functionality hull shader denial of service vulnerability
Summary An exploitable denial of service vulnerability exists in Intel IGC64.DLL graphics driver. A specially crafted hull shader can cause a NULL pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability could potentially be...
Intel IGC64.DLL Shader Functionality HeapReAlloc code execution vulnerability
Summary An exploitable double free vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted geometry shader can cause a double free vulnerability, leading to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger...
Intel IGC64.DLL Shader Functionality DCL_OUTPUT code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality ROUND_NI Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be...
Intel IGC64.DLL shader functionality realloc code execution vulnerability
Summary An exploitable pointer corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can corrupt a pointer, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger th...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality MOV REG Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in AMD atidxx64.dll graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially coul...
Glacies IceHRM Admin Reports SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability
Summary An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes Javascript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this...
Mozilla Firefox URL mPath Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64. A specially crafted URL object can cause an out-of-bounds read. An attacker can visit a webpage to trigger this...
Leadtools Image Parser Animated Icon Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...
NVIDIA NVWGF2UMX_CFG.DLL shader functionality denial-of-service vulnerability
Summary An exploitable denial of service vulnerability exists in NVIDIA NVWGF2UMXCFG.DLL version 26.21.14.4128 and 26.21.14.4166 on NVIDIA D3D10 and version 441.28 and 441.66 on NVIDIA Quadro K620. A specially crafted pixel shader can cause denial of service issues. An attacker can provide a...
Mozilla Firefox SharedWorkerService Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the SharedWorkerService functionality of Mozilla Firefox 76.0a1 2020-04-01 x64. A specially crafted HTML web page can cause a use after free condition, resulting in a remote code execution. The victim needs to visit malicious web site ...
Microsoft Office Excel PivotField code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel application of Microsoft Office Professional Plus 2016 x86, version 2002, build 12527.20242 and Microsoft Office 365 ProPlus x86, version 1908, build 11929.20606. A specially crafted XLS file can cause a use after free condition,...
WAGO PFC 200 Web-Based Management (WBM) Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web-Based Management WBM functionality of WAGO PFC 200 03.03.1015. A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigg...
Microsoft Office Excel HTML and XML Table Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the HTML and XML Table functionality of Excel in Microsoft Office 2016 Professional Plus, version 2002, build 12527.20242 x86 and Microsoft Office 365 Pro Plus x86, version 1908, build 11929.20606. A specially crafted malformed file ca...
Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker...
Siemens LOGO! TDE service "NFSAccess" Upload File Write Vulnerability
Summary An exploitable file write vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can upload or overwrite file content to the local SD card. An attacker can send a sequence of maliciou...
Siemens LOGO! TDE service "DELETEPROG" Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in a denial of service. An attacker can send an...