| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28293. |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28322. |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11. |
| An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Internet Explorer Remote Code Execution Vulnerability |
| Microsoft Office OneNote Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| GDI+ Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
