2218 matches found
Antenna House Office Server Document Converter vbputanld code execution vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...
Antenna House Office Server Document Converter putlsttbl code execution vulnerability
Summary An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to a stack-based buffer overflow,...
Adobe Acrobat Reader DC Collab.drivers Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to an object type confusion when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Antenna House Office Server Document Converter vbgetfp code execution vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Antenna House Office Server Document Converter GetShapePropery 0x105 code execution vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Adobe Acrobat Reader DC Collab newWrStreamToCosObj Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to an object type confusion when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Antenna House Office Server Document Converter putShapeProperty Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
IBM AIX rmsock SetUID Binary Information Leak
Summary An exploitable kernel memory leak vulnerability is exposed by the rmsock setUID functionality of IBM AIX 6.1 and IBM AIX 7.1. A specially crafted command line can cause a kernel memory leak, resulting in uninitialized kernel memory being exposed. An attacker can execute rmuser with an...
VMware Workstation 14 Shader Functionality Denial Of Service
Summary An exploitable denial-of-service vulnerability exists in the VMware Workstation 14. A specially crafted pixel shader can cause a read access violation resulting in, at least, denial of service. An attacker can provide a specially crafted shader file either in binary or text form to trigge...
Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Stack Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An...
Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability
Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the kind of firmware image that is...
Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary...
Insteon Hub HTTPExecuteGet Firmware Update Information Leak Vulnerability
Summary An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can sen...
Insteon Hub PubNub Firmware Downgrade Vulnerability
Summary An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the firmware version that is going to be...
Insteon Hub PubNub "ad" Channel Message Handler Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the PubNub message handler for the “ad” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Insteon Hub Reboot Task Denial Of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send an UDP packet to trigger this vulnerability. Tested Versions Insteon Hub...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...
Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...
Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...
Insteon Hub MPFS Upload Firmware Update Vulnerability
Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...
Pixar Renderman IT Display Service 0x69 Command Denial-of-Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...
Pixar Renderman IT Display Service 0x67 Command Denial of Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer...
Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Summary An exploitable heap corruption exists in the LoadIntegrityInfo function of wimgapi version 10.0.16299.15 WinBuild.160101.0800. A crafted WIM image can lead to a heap corruption, resulting in direct code execution. Tested Versions WIMGAPI 10.0.16299.15 WinBuild.160101.0800 Product URLs...
Ocularis Recorder VMS_VA Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. Test...
Natus Xltek EEG NeuroWorks Invalid KeyTree Entry Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Natus Xltek EEG NeuroWorks ItemList Traversal Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability
Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability
Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon 2.2.1. mmmagentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. Tested Versions Perceptive Document...
Hyland Perceptive Document Filters OpenDocument to JPEG conversion SkCanvas Code Execution vulnerability
Summary An exploitable double free exists in the OpenDocument to JPEG conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Tested Versions Perceptive...
Hyland Perceptive Document Filters Microsoft Word CDATA Code Execution Vulnerability
Summary An exploitable heap corruption exists in the Microsoft Word to many types conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted Microsoft Word XML document can lead to heap corruption resulting in remote code execution. An attacker can provide ...
Hyland Perceptive Document Filters DOCX to HTML Code Execution Vulnerability
Summary An exploitable use after free exists in the DOCX to HTML conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted DOCX document can lead to a use-after-free resulting in direct code execution. Tested Versions Perceptive Document Filters 11.4.0.264...
SAP BPC Web Application Information Disclosure Vulnerability
Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...
Foxit PDF Reader AssociatedFile Annotation Type Confusion
Summary An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory...
Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
SAP BPC Web Application Information Disclosure Vulnerability
Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HT...
Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to tric...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access, can fully compromise the device by performing a firmware...
Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability
Summary An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Tested Versions Mo...
Moxa EDR-810 Server Agent Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Tested Versions Moxa...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...
Moxa EDR-810 Web Server Weak Cryptography for Passwords Vulnerability
Summary An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. Tested Versions Moxa EDR-810 V4.1 build 17030317 Product URLs...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...
Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to “/MOXALOG.ini, /MOXACFG.ini, o...