2224 matches found
WAGO PFC200 Cloud Connectivity TimeoutUnconfirmed Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WA...
WAGO e!Cockpit network communication cleartext transmission vulnerability
Summary A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...
Zoom conference room connector service insufficient session invalidation
Summary Zoom Conference Room Connector services perform insufficient session invalidation upon certain user administration tasks which enable a demoted or deleted user to still access the room administration interface. If a user has administrative access to the connected device and if this access...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
Webkit AudioSourceProviderGStreamer use-after-free vulnerability
Summary A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. Tested Versions Webkit WebKitGTK 2.30.1 Product URLs https://webkit.org/ CVSSv3 Score 8.8 -...
Synology DSM findhostd unencrypted credentials disclosure vulnerability
Summary An information disclosure vulnerability exists in the findhostd authentication functionality of Synology DSM 6.2.3 25426 DS120j. Using an application e.g. Synology Assistant can lead to information disclosure of administrator credentials. An attacker can sniff network traffic to trigger...
Moxa AWK-3131A Encrypted Diagnostic Script Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An...
Slic3r libslic3r AMF File AMFParserContext::endElement() out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this...
Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. A...
Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An...
Moxa AWK-3131A iw_webs hostname Authentication Bypass Vulnerability
Summary An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. A...
Moxa AWK-3131A WAP Hostname Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...
Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker ca...
Moxa AWK-3131A ServiceAgent denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send th...
Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability
Summary An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...
Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key
Summary The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions Moxa AWK-3131A Firmware version 1.13 Product URLs...
Moxa AWK-3131A iw_console Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the iwconsole functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
CoTURN HTTP Server POST-parsing information leak vulnerability
Summary An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Teste...
CoTURN HTTP Server POST-parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. Tested Versions...
Apple Safari FontFaceSet Remote Code Execution Vulnerability
Summary A type confusion vulnerability exists in the Fonts feature of Apple Safari version 13.0.3. A specially crafted HTML web page can cause a type confusion, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web pag...
Microsoft Media Foundation IMFASFSplitter::Initialize Code Execution Vulnerability
Summary An exploitable type confusion vulnerability exists in the mfasfsrcsnk.dll of Microsoft Media Foundation 10.0.18362.207. A specially crafted ASF file can cause type confusion, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
Windows 10 win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability
Summary A use after free vulnerability exists in Windows 10, Version 10.0.19033.1, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of privileges. This...
Adobe Acrobat Reader DC Javascript Field Name Information Leak
Summary A specific JavaScript code embedded in a PDF file can lead to information leak when opening a PDF document in Adobe Acrobat Reader DC 2019.021.20048. With careful memory manipulation, this can lead to sensitive information disclose which could be abused when exploiting another vulnerabili...
Microsoft Office Excel Ordinal43 code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel in Microsoft Office Professional Plus 2016 x86, version 1909, build 12026.20334 and Microsoft Office 365 ProPlus x86, version 1902, build 11328.20480. A specially crafted XLS file can cause a use after free condition, resulting i...
Accusoft ImageGear PCX uncompress_scan_line buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the uncompressscanline function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide ...
Accusoft ImageGear PCX uncompress_scan_line buffer copy operation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the uncompressscanline function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide ...
Accusoft ImageGear JPEG SOFx Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
Accusoft ImageGear TIFF tifread code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to...
Accusoft ImageGear JPEG jpegread precision code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...
Accusoft ImageGear BMP bmp_parsing buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the bmpparsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...
Accusoft ImageGear TIFF TIF_read_stripdata code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Talos Vulnerability Report TALOS-2019-0977 Mini-SNMPD socket disconnect denial-of-service vulnerability February 3, 2020 CVE Number CVE-2020-6060 Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP...
Mini-SNMPD decode_cnt information leak vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger th...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate...
Mini-SNMPD decode_int Information Leak Vulnerability
Talos Vulnerability Report TALOS-2019-0976 Mini-SNMPD decodeint Information Leak Vulnerability February 3, 2020 CVE Number CVE-2020-6059 Summary An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request c...
Mini-SNMPD decode_int Information Leak Vulnerability
Summary An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger...
Accusoft ImageGear PNG pngread width code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...
AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
Summary An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially...
AMD ATI Radeon ATIDXX64.DLL shader functionality constant buffer denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
Foxit PDF Reader JavaScript field keystroke action remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user t...
Foxit PDF Reader Javascript createTemplate Invalid Page Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader JavaScript field action OnBlur remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader Javascript Field Action Validate Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability
Summary A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Test...
OpenCV XML Persistence Parser Buffer Overflow Vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially...