EXODUS BLOG

Advisories

Xerox DocuShare AMI Pro File Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-db4e064b A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of AMI Pro...

Xerox DocuShare WordPerfect Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-c728d1ef A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of containers embedded...

Xerox DocuShare AMI Pro p-tag Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-6185db3e A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of “<:p tags”...

ZyXEL Armor Cross-Site Request Forgery Vulnerability

FEBRUARY 22, 2022

EIP-521a3b40 A cross-site request forgery vulnerability exists within the ZyXEL Armor Z1 AC2350 and Z2 AC2600 series. Exploitation of the vulnerability allows for attackers to run arbitrary commands on vulnerable versions of the firmware...

ZyXEL Armor Photobak Command Injection Vulnerability

FEBRUARY 22, 2022

EIP-c624ba9f A command-injection vulnerability exists within the ZyXEL Armor Z1 AC2350 series. The vulnerable endpoint is within the ‘photobak’ component found in the cgi-bin. Exploitation of the vulnerability allows for remote unauthenticated attackers to...

Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability

FEBRUARY 2, 2022

EIP-1a8a439f A vulnerability exists in Zlibc that allows a local attacker to execute arbitrary code with elevated privileges through manipulation of the LD_ZLIB_CONFFILE and LD_ZLIB_UNCOMPRESSOR environment variables when calling setuid binaries. Vulnerability Identifiers Exodus...

Arris SURFboard SSDP Command Injection Vulnerability

FEBRUARY 2, 2022

EIP-55f127ea A vulnerability exists within Arris SURFboard’s handling of Simple Service Discovery Protocol (SSDP) messages. A specially crafted NOTIFY message with a LOCATION header can result in a command injection under the context of...