12 matches found
Nasdaq BWise 5.0 JMX/RMI Interface Remote Code Execution
CONVISO-18-001 - Nasdaq BWise JMX/RMI RCE 1. Advisory Information Conviso Advisory ID: CONVISO-18-001 CVE ID: CVE-2018-11247 CVSS v2: 8.8, AV:N/AC:M/Au:N/C:C/I:C/A:N Date: 16/05/2018 2. Affected Components Nasdaq BWise 5.0 JMX/RMI interface 3. Description Nasdaq BWise 5.0, through its...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...
Zoom Linux Client 2.0.106600.0904 - Command Injection
CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...
Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler, zoommtg://, which makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow
CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...
Zoom Linux Client 2.0.106600.0904 Command Injection
CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904 zoomamd64.deb...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking whether the destination buffer is long enough to hold the data. The binary also has important security features, such as stack canaries, turned off. The client...
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal Vulnerabilities
Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue. Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that...
LiveZilla Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ LiveZilla Cross Site Scripting Vulnerability CVE-2010-4276 INTRODUCTION According to LiveZilla GmbH, "the Next Generation Live Help and Live Support System connects you to your website...
Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Radius Manager Multiple Cross Site Scripting Issues CVE-2010-4275 INTRODUCTION Radius Manager is a centralized way for...
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Spree e-commerce JSON Hijacking Vulnerabilities CVE-2010-3978 INTRODUCTI...
cforms WordPress Plugin Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977 INTRODUCTION According to Delicious Days, "cforms is a powerful and feature rich form plugin for WordPress, offering...