InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE...

InfraPower PPS-02-S Q213V1 - Authentication Bypass

InfraPower PPS-02-S Q213V1 - Authentication Bypass InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

ipd.kit.edu XSS vulnerability

Open Bug Bounty ID: OBB-145743 Description| Value ---|--- Affected Website:| ipd.kit.edu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

BlackBerry Desktop Software Security Bypass Vulnerability

BlackBerry Desktop Software is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

The offline backup mechanism in Research In Motion RIM BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack...

CVE-2003-1246

CVE-2003-1246 affects the Integrity Protection Driver (IPD) versions 1.2 and 1.3. The vulnerability is in NtCreateSymbolicLinkObject within ntdll.dll, allowing a local attacker to create and overwrite arbitrary files under boot/system path via a symlink attack on \winnt\system32\drivers using the...

CVE-2002-2126

IPD 1.2 (Integrity Protection Driver) contains a vulnerability in restrictEnabled where driver installation is delayed by 20 minutes. This timing window lets a local user set the system clock back and insert malicious code during installation. Affected: IPD 1.2; root cause: clock-based delay in i...

CVE-2002-2127

The CVE-2002-2127 entry concerns Integrity Protection Driver (IPD) versions 1.2 and earlier. The vulnerability arises from IPD blocking access to \Device\PhysicalMemory by name, but an attacker could abuse a symlink to access the device and cause a local privileged process to overwrite kernel mem...

CVE-2003-1233

Pedestal Software Integrity Protection Driver IPD 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to 1 \Device\PhysicalMemory or 2 to a drive letter...

CVE-2003-1233

Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier is affected. The root cause is the ability to create a symbolic link via NtCreateSymbolicLinkObject to access sensitive kernel resources, specifically to \Device\PhysicalMemory or via a drive letter created with subst. This bypas...

CVE-2004-1718

The CVE-2004-1718 entry concerns Integrity Protection Driver (IPD) versions 1.4 and earlier. Affected component: ZwOpenSection function. Root cause: an invalid pointer in the oa argument can be exploited by a local attacker, causing a crash (denial of service). Impact is described as local denial...

IPD NULL pointer DoS

ZwOpenSection hook NULL pointer dereference problem...

[NGSEC-2004-6] IPD, local system denial of service.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: IPD, local system denial of service. ID: NGSEC-2004-6 Application: IPD up to 1.4 http://www.pedestalsoftware.com/ Date: 14/Aug/2004 Status: Vendor contacted on...