Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera “update” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

CVE-2016-6566

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

Design/Logic Flaw

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

CVE-2016-6566 The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution

The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable to Universal XSS and Remote Code Execution. Vendor has released software updates to fix both vulnerabilities on 3 June 2018. === Vendor === ClassLink: https://www.classlink.com === Vulnerability 1: Universal XSS throu...

Denial-of-Service (DoS)

The Fastify library is vulnerable to denial-of-service DoS attacks when attackers send a request with with Content-Type:application/json and a payload that surpasses the internal string length limit of 2^30-25 bytes. Upon receipt, the process will crash due to an uncaughtException rendering it...

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

Sungard eTRAKiT3 3.2.1.17 - SQL Injection

Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...

Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection

Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticated user. Vulnerabilities ================...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability

A vulnerability in the application programming interface API web interface of the Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, remote attacker to perform privilege escalation on the affected device. The attacker can escalate privileges to...

IRCCloud: Inadequate input validation on API endpoint leading to self denial of service and increased system load.

Summary A security researcher discovered an API payload that would send invalid data to their own user process, which would repeatedly fail to be handled correctly. This error handling loop prevented further access to their user account. Details The payload was a JSON object containing an empty...