12 matches found
Nasdaq BWise 5.0 JMX/RMI Interface Remote Code Execution
CONVISO-18-001 - Nasdaq BWise JMX/RMI RCE 1. Advisory Information Conviso Advisory ID: CONVISO-18-001 CVE ID: CVE-2018-11247 CVSS v2: 8.8, AV:N/AC:M/Au:N/C:C/I:C/A:N Date: 16/05/2018 2. Affected Components Nasdaq BWise 5.0 JMX/RMI interface 3. Description Nasdaq BWise 5.0, through its...
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...
Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler zoommtg:// and this makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client...
Zoom Linux Client 2.0.106600.0904 Command Injection
CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904 zoomamd64.deb...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow
CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal Vulnerabilities
Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue. Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that...
LiveZilla Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ LiveZilla Cross Site Scripting Vulnerability CVE-2010-4276 INTRODUCTION According to LiveZilla GmbH, "the Next Generation Live Help and Live Support System connects you to your website...
Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Radius Manager Multiple Cross Site Scripting Issues CVE-2010-4275 INTRODUCTION Radius Manager is a centralized way for...
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Spree e-commerce JSON Hijacking Vulnerabilities CVE-2010-3978 INTRODUCTI...
cforms WordPress Plugin Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977 INTRODUCTION According to Delicious Days, "cforms is a powerful and feature rich form plugin for WordPress, offering...