Insteon Hub PubNub "ad" Channel Message Handler Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the PubNub message handler for the “ad” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...
Insteon Hub MPFS Upload Firmware Update Vulnerability
Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...
Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability
Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the kind of firmware image that is...
Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary...
Insteon Hub Reboot Task Denial Of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. Tested Versions Insteon Hub...
Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger...
Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...
Pixar Renderman IT Display Service 0x69 Command Denial-of-Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...
Pixar Renderman IT Display Service 0x67 Command Denial of Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer...
Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Summary An exploitable heap corruption exists in the LoadIntegrityInfo function of wimgapi version 10.0.16299.15 WinBuild.160101.0800. A crafted WIM image can lead to a heap corruption, resulting in direct code execution. Tested Versions WIMGAPI 10.0.16299.15 WinBuild.160101.0800 Product URLs...
Ocularis Recorder VMS_VA Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. Test...
Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Natus Xltek EEG NeuroWorks ItemList Traversal Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Natus Xltek EEG NeuroWorks Invalid KeyTree Entry Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability
Summary A specific JavaScript script embedded in a PDF file can cause a pointer to a previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability
Summary A specific JavaScript script embedded in a PDF file can cause a pointer to a previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
Hyland Perceptive Document Filters DOCX to HTML Code Execution Vulnerability
Summary An exploitable use-after-free exists in the DOCX to HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted DOCX document can lead to a use-after-free resulting in direct code execution. Tested Versions Perceptive Document Filters 11.4.0.264...
Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer overflow, resulting in direct code execution. Tested Versions Perceptive Document...
Hyland Perceptive Document Filters OpenDocument to JPEG conversion SkCanvas Code Execution vulnerability
Summary An exploitable double free exists in the OpenDocument to JPEG conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Tested Versions Perceptive...
Hyland Perceptive Document Filters Microsoft Word CDATA Code Execution Vulnerability
Summary An exploitable heap corruption exists in the Microsoft Word to many types conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted Microsoft Word XML document can lead to heap corruption resulting in remote code execution. An attacker can provide ...
SAP BPC Web Application Information Disclosure Vulnerability
Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...
Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
SAP BPC Web Application Information Disclosure Vulnerability
Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HT...
Foxit PDF Reader AssociatedFile Annotation Type Confusion
Summary An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can cause an object of invalid type to be dereferenced, which can potentially lead to sensitive memory...
Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to tric...
Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork as the camera, or has remote administrator access, can fully compromise the device by performing a firmware...
Moxa EDR-810 Cleartext Transmission of Password Vulnerability
Summary An exploitable cleartext transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as...
Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...
Moxa EDR-810 Web Server URI Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this...
Moxa EDR-810 Plaintext Password Storage Vulnerability
Summary A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. Tested Versions Moxa EDR-810 V4.1 build 17030317 Product URLs...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parameter in the...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parameter in the...
Moxa EDR-810 Web Server Weak Cryptography for Passwords Vulnerability
Summary An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. Tested Versions Moxa EDR-810 V4.1 build 17030317 Product URLs...
Moxa EDR-810 Server Agent Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Tested Versions Moxa...
Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to “/MOXALOG.ini, /MOXACFG.ini, o...
Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities
Summary Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability. Tested Version...
Moxa EDR-810 Web Server ping Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parameter in the...
Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability
Summary An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Tested Versions Mo...
NASA CFITSIO `ffghbn` and `ffghtb` Stack Overflow Code Execution Vulnerabilities
Summary Exploitable buffer overflow vulnerabilities exist in the image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...
NASA CFITSIO Multiple Stack Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...
NASA CFITSIO `ffgkyn` Stack Overflow Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...
Computerinsel Photoline PCX Color Map Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Computerinsel Photoline TIFF Samples Per Pixel Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Computerinsel Photoline TIFF Bits Per Pixel Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Computerinsel Photoline PCX Decompress Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Computerinsel Photoline PSD Blending Channels Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PSD parsing functionality of Computerinsel Photoline 20.53. A specially crafted PSD document processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PSD document to trigger this...