Category Archives: Advisories

ZDI-22-1227: Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

September 14, 2022

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1226: Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

September 14, 2022

Read Time:11 Second

Advisories

ZDI-22-1225: Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

September 14, 2022

Read Time:11 Second

Advisories

ZDI-22-1224: D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1223: D-Link DIR-2150 xupnpd_generic Plugin Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1222: D-Link DIR-2150 xupnpd ui_upload Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1221: D-Link DIR-2150 anweb websocket_data_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1220: D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

CVE-2020-19586

September 14, 2022

Read Time:6 Second

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

Advisories

CVE-2020-19587

September 14, 2022

Read Time:8 Second

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

News, Advisories and much more

Exit mobile version