MITRE ATT&CK — FreeIntelHub

T1190 — Exploit Public-Facing Application (Initial Access)

177 articles found

Zero Day Initiative CVE Feb 19

ZDI-26-121: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-120: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-119: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-118: GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-114: Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-113: Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-112: Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-110: Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to e...

T1190 2 IOCs

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-109: Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-108: Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 18

ZDI-26-107: Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 18

ZDI-26-106: Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Cisco Advisories Vulnerability Disclosure Cisco Feb 13

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco...

T1190

Cisco Advisories →

Zero Day Initiative CVE Feb 13

ZDI-26-105: MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 13

ZDI-26-104: Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 13

ZDI-26-096: Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 13

ZDI-26-095: Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-094: Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-093: Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-092: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information

MITRE ATT&CK Mapping

T1190 — Exploit Public-Facing Application (Initial Access)

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

Resource Development

Reconnaissance