
Displaying 1 - 20 of 4957

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

A use-after-free vulnerability exists in Adobe Reader and Acrobat due to incorrect manipulation of objects in memory. The vulnerability exists in the AcroForm.api dynamic library and may be triggered by a Field object that begins with a UTF-16 BE BOM sequence. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

A remote command injection vulnerability exists in multiple TP-Link Cloud Camera NC2XX devices due to lack of user input sanitization. By sending a crafted sysname POST parameter to the /setsysname.fcgi path, a remote authenticated attacker may execute arbitrary commands on the target system.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

An information disclosure vulnerability has been reported in the Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted QuickTime media file. Successful exploitation could result in the execution of arbitrary code within the context of...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in SpiderMonkey, the JavaScript engine of Mozilla Firefox. An attacker can craft JavaScript promise resolutions in such a way that it is possible to cause an out-of-bounds read off the end of an array resized during script execution. This can lead to a denial of service or potentially allow for remote code execution to occur.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. A remote attacker can use this vulnerability to either execute shell commands under root privileges on versions before 1.0.19.20 or inject HTML in password recovery emails on versions before 1.0.20.17.

CVSS: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

An image injection vulnerability exists in Oracle iPlanet Web Server versions 7.0.x, due to poor sanitization of the productNameSrc HTTP parameter. By tricking an admin into following a crafted URL, a remote attacker may perform phishing attacks by injecting a custom image into the admin panel.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A memory corruption vulnerability has been reported in the Adobe Type Manager component of Microsoft Windows. The vulnerability is due to improper handling of a specially crafted BlendDesignPositions array in multiple master Type 1 fonts. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted font file. Successful exploitation could result either in the execution of...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

An information disclosure vulnerability exists in Oracle iPlanet Web Server versions 7.x and prior. By accessing specific paths related to the admin panel, a remote unauthenticated attacker may obtain sensitive information regarding the server's configuration.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a vulnerability in the TerraMaster NAS device. This device allows an attacker to execute a cross-site scripting attack against the system by performing HTML injection via the sysname parameter. It is then possible to hijack the user session on the vulnerable system.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Centreon 19.10. The vulnerability is due to improper validation of the server IP parameter in an HTTP request. An authenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the groupname parameter. It is possible to execute system commands as a root user on a vulnerable device.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

A memory corruption vulnerability has been reported in the Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted QuickTime media file. Successful exploitation could result in the execution of arbitrary code within the context of the user...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed. It is possible to execute system commands as a root user on a vulnerable device.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

A remote command injection vulnerability exists in D-Link DIR-859 routers due to lack of user input validation. By exploiting the flaw, a remote unauthenticated attacker may execute arbitrary system commands by sending a crafted UPnP SUBSCRIBE request.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

A command injection vulnerability exists in ASUSWRT firmware version 3.0.0.4.382.50624 and earlier. The flaw results from lack of user input validation for HTTP parameters on the appGet.cgi path. By sending a crafted hook parameter, a remote attacker may execute arbitrary OS commands as the root user.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the password parameter. It is possible to execute system commands as a root user on a vulnerable device.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

A memory corruption vulnerability has been reported in the Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted ASF media file. Successful exploitation could result in the execution of arbitrary code within the context of the user running...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

An out-of-bounds read vulnerability exists in OpenSMTPD versions before 6.6.4 due to a logical flaw, causing a server to read multi-line error messages. The attacker-controlled message error may contain directives that get stored in an envelope file, then executed by the vulnerable server. An attacker may obtain command execution or escalate privileges by either causing a vulnerable server to bounce...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

An unauthenticated remote command injection vulnerability exists in DrayTek Vigor2960 1.3.1 Beta, Vigor3900 1.4.4 Beta, and Vigor300B 1.3.3 Beta, 1.4.2.1 Beta and 1.4.4 Beta routers, due to lack of user input sanitization. By sending a crafted keyPath HTTP parameter, a remote unauthenticated attacker may execute commands as the system's superuser.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari WebKit. Specifically, the vulnerability exists in WebKit's WebCore::RenderObject::previousSibling method. An attacker can craft JavaScript in such a way that, when invoking the create method in a form, a use-after-free condition can occur. This can lead to a denial of service or potentially allow for remote code execution on the vulnerable system....
