An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap-based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.

A buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap-based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.

An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Parse Server is an open source HTTP web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012.