TG Soft Vir.IT eXplorer Lite Local Denial of Service Vulnerability (CNVD-2017-37075)

TG Soft VirIT eXplorer is a suite of antivirus software from the Italian company TG Soft. A local denial of service vulnerability exists in TG Soft Vir.IT eXplorer Lite. A local attacker can exploit this vulnerability to cause a denial of service blue screen of death or other impact via a...

CVE-2017-17471

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service BSOD or possibly have unspecified other impact via a \.\Viragtlt DeviceIoControl request of 0x82732140...

CVE-2017-17470

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service BSOD or possibly have unspecified other impact via a \.\Viragtlt DeviceIoControl request of 0x82730054...

CVE-2017-17469

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service BSOD or possibly have unspecified other impact via a \.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948...

CVE-2017-17468

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service Arbitrary Write via a \.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050...

CVE-2017-17475

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service BSOD or possibly have unspecified other impact via a \.\Viragtlt DeviceIoControl request of 0x82736068...

IKARUS anti.virus null pointer dereference vulnerability

IKARUS anti.virus is a set of antivirus products from IKARUS Security Software Austria. ntguardx64.sys is one of the self-protection system. IKARUS anti.virus 2.16.15 version of the ntguardx64.sys 0.18780.0.0 version has a security vulnerability. An attacker can exploit this vulnerability to caus...

CVE-2017-17114

ntguard.sys and ntguardx64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request...

The vulnerability of the Junos operating system, related to the lack of measures for cleaning input data, allows a intruder to gain unauthorized access to the device.

The vulnerability of the Junos operating system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a local attacker to increase their privileges and gain full control over the device, by using specially crafted combinations of CLI commands and...

Authentication flaw

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...

Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability

Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China.DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...

The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.

The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...

CVE-2016-4922

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

BlueBorne – Bluetooth’s airborne influenza

Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability. This includes mobile, desktop, and IoT — roughly accounting for 8.2 billion devices. All operating systems are susceptible — Android, iOS, Windows, and Linux. Dubbed BlueBorne, it exposes several...

The vulnerability in the Bluetooth Network Encapsulation Protocol (BNEP) operating system’s profile allows a intruder to execute arbitrary code within the context of a privileged process.

The vulnerability in the Bluetooth Network Encapsulation Protocol BNEP service of the Android operating system lies in the loss of a whole bit. Exploiting this vulnerability allows an attacker to compromise the integrity of memory and gain full control over the device...

The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)

General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air airborne and attacks devices via...

Android PAN Remote Code Execution Vulnerability

The Bluetooth Network Encapsulation Protocol BNEP is used to transfer data from another protocol stack via L2CAP. A remote code execution vulnerability exists in the BNEP service's high-level-Personal Area Network PAN configuration file, which is used to establish an IP network connection between...

CVE-2017-7649

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and...

CVE-2017-14263

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user...

CVE-2017-14263

Summary of CVE-2017-14263 Affected product: Honeywell NVR devices (network video recorder). Vulnerability details: Remote attackers can create a user account in the admin group by abusing access to a guest account to obtain a session ID, then sending that session ID in a userManager.addUser reque...