There’s a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.
>> CATEGORY: exploit
C2Box versions 4.0.0(r19171) and below suffer from a validation bypass vulnerability.
D-Link DVG-5402SP with firmware RU_1.01 suffers from brute force and cross site request forgery vulnerabilities.
Cogent Datahub versions 7.3.9 and below suffer from a gamma script elevation of privilege vulnerability.
TallSoft SNMP TFTP server version 1.0.0 suffers from a denial of service vulnerability.
Trend Micro Deep Discovery versions 3.7 and 3.8 suffer from multiple cross site request forgery vectors. If an authenticated user visits a malicious webpage attackers will have ability to modify…
The wireless driver for the Android One (sprout) devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with subcommand PRIV_CMD_SW_CTRL. This ioctl…
The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used,…
At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the…
The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request…