Category Archives: Advisories

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1225: Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

September 14, 2022

Read Time:11 Second

Advisories

ZDI-22-1224: D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1223: D-Link DIR-2150 xupnpd_generic Plugin Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1222: D-Link DIR-2150 xupnpd ui_upload Command Injection Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1221: D-Link DIR-2150 anweb websocket_data_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1220: D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

September 14, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Advisories

CVE-2020-19586

September 14, 2022

Read Time:6 Second

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

Advisories

CVE-2020-19587

September 14, 2022

Read Time:8 Second

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

Advisories

CVE-2021-36568

September 13, 2022

Read Time:18 Second

In certain Moodle products after creating a course, it is possible to add in a arbitrary “Topic” a resource, in this case a “Database” with the type “Text” where its values “Field name” and “Field description” are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

News, Advisories and much more

Exit mobile version

Cyber Security News

Category Archives: Advisories

ZDI-22-1226: Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZDI-22-1225: Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZDI-22-1224: D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability

ZDI-22-1223: D-Link DIR-2150 xupnpd_generic Plugin Command Injection Remote Code Execution Vulnerability

ZDI-22-1222: D-Link DIR-2150 xupnpd ui_upload Command Injection Remote Code Execution Vulnerability

ZDI-22-1221: D-Link DIR-2150 anweb websocket_data_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-22-1220: D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2020-19586

CVE-2020-19587

CVE-2021-36568

News, Advisories and much more