CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.

Publication date: Fri, 25 Oct 2019 22:15:00 +0000

Cyber News related to CVE-2019-14451

CVE-2019-14451 - RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external ...
5 years ago

CVE-2019-14450 - A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker ...
5 years ago

CVE-2018-14451 - An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp. ...
4 years ago

CVE-2017-14451 - An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in ...
4 years ago

CVE-2020-14451 - An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. ...
3 years ago

CVE-2019-1015 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1016 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-0977 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-1009, ...
5 years ago

CVE-2019-1013 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1046 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1050 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1049 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1048 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1047 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1010 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1011 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1012 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-1009 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, ...
5 years ago

CVE-2019-0968 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0977, CVE-2019-1009, ...
4 years ago

CVE-2019-18299 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

CVE-2019-18298 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

CVE-2019-18291 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

CVE-2019-18292 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

CVE-2019-18294 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

CVE-2019-18290 - A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This ...
2 years ago

Latest Cyber News

Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 1 hour ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 2 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 4 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 5 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 6 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 6 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 6 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 9 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 9 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 9 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 10 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 11 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 13 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 13 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 13 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 13 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 15 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 15 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 15 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 15 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 1 hour ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 2 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 4 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 5 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 6 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 6 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 6 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 9 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 9 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 9 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 10 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 11 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 13 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 15 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 15 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 13 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 13 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 15 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 15 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 13 hours ago