
3695 matches found

CERT | added 2008/01/31 12:0 a.m. | 47 views

Liferay Portal fails to protect against CSRF

Overview: Liferay Portal fails to properly protect against Cross-Site Request Forgery (CSRF). This may allow a remote attacker to be able to forge requests that Liferay Portal takes action upon. Description: Liferay Portal is an enterprise portal solution that uses Java technologies. Liferay Portal...

CVSS 4.3 | AI score 6.3 | EPSS 0.00602 | Exploits 0 | References 3
CERT | added 2007/01/31 12:0 a.m. | 47 views

Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow

Overview: Computer Associates BrightStor ARCserve Backup contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EXE. Thi...

CVSS 10 | AI score 6.9 | EPSS 0.7924 | Exploits 7 | References 7
CERT | added 2007/01/29 12:0 a.m. | 47 views

Sun Solaris Kernel SSL Proxy service is vulnerable to a denial of service condition

Overview: The Sun Solaris Kernel SSL Proxy service contains a flaw that may allow a remote attacker to cause a denial of service condition. Description: Sun Solaris 10 operating system provides a module called the SSL Kernel Proxy to improve the performance of applications that do SSL packet...

CVSS 7.8 | AI score 6.5 | EPSS 0.03039 | Exploits 0 | References 4
CERT | added 2005/06/28 12:0 a.m. | 47 views

XMLHttpRequest Object security bypass in Opera Web Browser

Overview: The Opera Web Browser fails to properly enforce security restrictions on the XMLHttpRequest Object. This may allow a remote, unauthenticated attacker to insert content from potentially malicious web sites. Description: The XMLHttpRequest Object is a scripting object that provides routines...

CVSS 7.5 | AI score 5.6 | EPSS 0.02795 | Exploits 0 | References 2
CERT | added 2005/01/06 12:0 a.m. | 47 views

Microsoft Windows LoadImage API vulnerable to integer overflow

Overview: The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description: The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...

CVSS 5.1 | AI score 7 | EPSS 0.29743 | Exploits 13 | References 4
CERT | added 2004/10/19 12:0 a.m. | 47 views

Microsoft Internet Explorer does not properly handle cached HTTPS contents

Overview: Microsoft Internet Explorer fails to properly validate cached HTTPS contents, allowing an attacker to obtain information or spoof information on a secure web site. Description: The HTTPS protocol is used to provide authentication, encryption, integrity, and non-repudiation services to web...

CVSS 6.4 | AI score 7.2 | EPSS 0.30998 | Exploits 0 | References 4
CERT | added 2004/10/13 12:0 a.m. | 47 views

Microsoft Windows contains vulnerability in Window Management API

Overview: A vulnerability in the Microsoft Windows window application programming interfaces (APIs) could allow a local attacker to gain elevated privileges on a vulnerable system. Description: Microsoft Windows contains a vulnerability in the window management application programming interface (API)...

CVSS 2.1 | AI score 6.2 | EPSS 0.01793 | Exploits 0 | References 3
CERT | added 2004/08/04 12:0 a.m. | 47 views

libpng png_handle_iCCP() NULL pointer dereference

Overview: The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability that could cause affected applications to crash. Description: The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format...

AI score 8.5 | Exploits 0 | References 3
CERT | added 2002/08/01 12:0 a.m. | 47 views

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups

Overview: Buffer overflow vulnerabilities exist in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...

AI score 9.6 | Exploits 0 | References 8
CERT | added 2002/05/30 12:0 a.m. | 47 views

SquirrelMail compose.php script does not adequately validate input thereby allowing arbitrary user to send messages

Overview: Some versions of SquirrelMail do not properly validate input. Attackers can spoof email addresses through this vulnerability. Description: SquirrelMail is a collection of PHP4 scripts that provides webmail services. Prior to version 1.24, SquirrelMail does not properly validate Universal...

CVSS 7.5 | AI score 5.4 | EPSS 0.03437 | Exploits 1 | References 3
CERT | added 2001/06/21 12:0 a.m. | 47 views

Solaris Line Printer Daemon (in.lpd) vulnerable to buffer overflow via transfer job routine

Overview: A buffer overflow exists in the Solaris line printer daemon (in.lpd) that may allow a remote intruder to execute arbitrary code with the privileges of the running in.lpd. This daemon runs with root privileges by default on all recent versions of Solaris. Description: The Solaris in.lpd...

CVSS 10 | AI score 7.4 | EPSS 0.03695 | Exploits 0 | References 4
CERT | added 2023/01/17 12:0 a.m. | 46 views

New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview: Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass vulnerability that allows an unauthenticated user to access content from both inside and outside the network. The second is a...

CVSS 9.8 | AI score 9.4 | EPSS 0.11009 | Exploits 2 | References 2
CERT | added 2019/12/19 12:0 a.m. | 46 views

Apple devices vulnerable to arbitrary code execution in SecureROM

Overview: Some Apple devices are vulnerable to arbitrary code execution at the Boot ROM level (called "SecureROM" by Apple) by exploiting a use-after-free vulnerability. Successful exploitation results in the ability to execute arbitrary code on the device. checkm8 is a public exploit for this...

CVSS 6.8 | AI score 7.5 | EPSS 0.67089 | Exploits 1 | References 7
CERT | added 2016/08/01 12:0 a.m. | 46 views

Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities

Overview: Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...

CVSS 10 | AI score 10 | EPSS 0.0443 | Exploits 0 | References 8
CERT | added 2016/04/29 12:0 a.m. | 46 views

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Overview: The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Accellion File Transfer appliance contains multiple vulnerabilities in versions below...

CVSS 9.8 | AI score 8.9 | EPSS 0.05381 | Exploits 3 | References 5
CERT | added 2015/10/27 12:0 a.m. | 46 views

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

Overview: The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description: CWE-295: Improper Certificate Validation - CVE-2015-2902 The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...

CVSS 6.9 | AI score 6.7 | EPSS 0.01505 | Exploits 0 | References 3
CERT | added 2015/07/12 12:0 a.m. | 46 views

Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability

Overview: Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a memory corruption...

CVSS 10 | AI score 9.6 | EPSS 0.18493 | Exploits 0 | References 5
CERT | added 2012/11/02 12:0 a.m. | 46 views

Fortigate UTM appliances share the same default CA certificate

Overview: Fortigate UTM appliances that support SSL/TLS deep packet inspection share the same self-signed Fortigate CA certificate and associated private key across all devices. The private key, which has been compromised, allows attackers to create and sign fake certificates. Description: Fortigat...

AI score 5.6 | Exploits 0 | References 5
CERT | added 2012/09/06 12:0 a.m. | 46 views

Webmin contains input validation vulnerabilities

Overview: Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities. Description: The advisories from American Information Security Group report the following vulnerabilities. CWE-20: Improper Input Validation - CVE-2012-2981 "An input validation flaw...

CVSS 6.5 | AI score 6.9 | EPSS 0.61925 | Exploits 13 | References 8
CERT | added 2011/06/15 12:0 a.m. | 46 views

Adobe Reader and Acrobat font memory corruption vulnerability

Overview: Adobe Reader and Acrobat fail to properly handle font data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: A critical vulnerability exists in the font parsing code in Adobe Reader and Acrobat. The vulnerability results i...

CVSS 9.3 | AI score 7 | EPSS 0.0365 | Exploits 0 | References 5
CERT | added 2010/10/28 12:0 a.m. | 46 views

Adobe Flash code execution vulnerability

Overview: Adobe Flash 10.1.85.3 contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Adobe Flash 10.1.85.3 and earlier versions as well as 10.2.161.23 and earlier 10.2 preview versions contain a vulnerability that...

CVSS 9.3 | AI score 7.8 | EPSS 0.69679 | Exploits 14 | References 3
CERT | added 2010/07/12 12:0 a.m. | 46 views

Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings

Overview: Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.252SE or 12.252SE1, contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device. Description: Cisco Industrial Ethernet...

CVSS 10 | AI score 8.3 | EPSS 0.04733 | Exploits 0 | References 2
CERT | added 2010/03/05 12:0 a.m. | 46 views

Energizer DUO USB battery charger software allows unauthorized remote system access

Overview: The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. Description: Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been...

CVSS 9.3 | AI score 6.5 | EPSS 0.27338 | Exploits 6 | References 5
CERT | added 2010/02/25 12:0 a.m. | 46 views

APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery

Overview: The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker...

CVSS 6.8 | AI score 6 | EPSS 0.01994 | Exploits 1 | References 6
CERT | added 2009/09/09 12:0 a.m. | 46 views

Cyrus IMAPd buffer overflow vulnerability

Overview: The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code. Description: The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered...

CVSS 4.4 | AI score 6.9 | EPSS 0.00483 | Exploits 0 | References 3
CERT | added 2008/02/11 12:0 a.m. | 46 views

Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities

Overview: Adobe Reader and Acrobat contain multiple buffer overflow vulnerabilities. Successful exploitation of this vulnerability may allow an attacker to execute code. Description: Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the...

CVSS 9.3 | AI score 9.1 | EPSS 0.94222 | Exploits 9 | References 8
CERT | added 2008/01/10 12:0 a.m. | 46 views

Microsoft Windows IGMPv3 and MLDv2 processing vulnerability

Overview: Microsoft Windows fails to properly process IGMPv3 and MLDv2 network traffic. If exploited, this vulnerability may result in arbitrary code execution or a denial-of-service condition. Description: Internet Group Management Protocol (IGMP) is the protocol used by IPv4 hosts to report their...

CVSS 9.3 | AI score 7.2 | EPSS 0.49205 | Exploits 2 | References 13
CERT | added 2007/08/28 12:0 a.m. | 46 views

BIND version 8 generates cryptographically weak DNS query identifiers

Overview: ISC BIND version 8 generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description: The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). Version 8 of the BIND...

CVSS 4.3 | AI score 6.6 | EPSS 0.07585 | Exploits 0 | References 3
CERT | added 2007/01/12 12:0 a.m. | 46 views

Microsoft Outlook vulnerable to DoS via a malformed email message

Overview: There is a vulnerability in the way Microsoft Outlook handles malformed email messages that may allow a remote, unauthenticated attacker to cause a denial of service. Description: Microsoft Outlook contains a vulnerability in the way that it handles certain email message headers. Accordin...

CVSS 4.3 | AI score 6.1 | EPSS 0.30805 | Exploits 0 | References 7
CERT | added 2006/08/03 12:0 a.m. | 46 views

Multiple D-Link routers fail to properly process UPnP M-SEARCH requests

Overview: A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. Description: UPnP Universal Plug and Play (UPnP) is a system that allows network devices to operate together. M-SEAR...

CVSS 7.5 | AI score 7.9 | EPSS 0.19134 | Exploits 0 | References 4
CERT | added 2006/04/17 12:0 a.m. | 46 views

Mozilla display style vulnerability

Overview: Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description: Mozilla products contain an unspecified vulnerability in the way they...

CVSS 5 | AI score 7 | EPSS 0.04377 | Exploits 0 | References 1
CERT | added 2006/01/27 12:0 a.m. | 46 views

Oracle PL/SQL Gateway fails to properly validate HTTP requests

Overview: The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description: Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...

CVSS 7.5 | AI score 9.4 | EPSS 0.05715 | Exploits 0 | References 9
CERT | added 2006/01/20 12:0 a.m. | 46 views

Oracle TNS protocol fails to properly validate authentication requests

Overview: The Oracle TNS protocol authentication mechanism fails to properly sanitize authentication requests, possibly allowing a remote attacker to execute arbitrary SQL statements with elevated privileges. Description: Oracle databases authenticate and manage database connections via Oracle...

CVSS 10 | AI score 7.4 | EPSS 0.05274 | Exploits 1 | References 4
CERT | added 2005/03/30 12:0 a.m. | 46 views

Symantec Norton AntiVirus vulnerable to DoS via the "Auto-Protect" module

Overview: Symantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files. Description: Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruse...

CVSS 5 | AI score 6.1 | EPSS 0.02867 | Exploits 0 | References 4
CERT | added 2004/11/29 12:0 a.m. | 46 views

Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow

Overview: A buffer overflow vulnerability in the Microsoft Windows Internet Naming Service (WINS) replication protocol may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description: The Microsoft WINS service maps IP addresses to NETBIOS computer names. WIN...

CVSS 10 | AI score 7.2 | EPSS 0.81699 | Exploits 8 | References 6
CERT | added 2004/03/17 12:0 a.m. | 46 views

OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake

Overview: OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash. Description: OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Securi...

CVSS 5 | AI score 7.3 | EPSS 0.10424 | Exploits 0 | References 4
CERT | added 2004/02/24 12:0 a.m. | 46 views

metamail contains multiple format string vulnerabilities

Overview: Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description: The metamail package is one of the...

CVSS 7.5 | AI score 7.1 | EPSS 0.2622 | Exploits 1 | References 1
CERT | added 2003/03/21 12:0 a.m. | 46 views

Blahz-DNS does not properly authenticate users before granting access to various configuration pages

Overview: Blahz-DNS does not properly authenticate users. Description: Blahz-DNS does not properly authenticate users. As a result, an attacker can gain access to various configuration pages. For more detailed information, please see the ppp-design advisory. Impact: An attacker can gain access t...

CVSS 10 | AI score 6.4 | EPSS 0.11518 | Exploits 1 | References 6
CERT | added 2002/04/10 12:0 a.m. | 46 views

Microsoft Internet Information Server (IIS) vulnerable to DoS via malformed FTP connection status request

Overview: A vulnerability in IIS could allow an intruder to disrupt ordinary operations of both FTP and Web services on vulnerable IIS servers. Description: IIS includes an FTP server. An intruder who sends a malformed request for the status of an existing connection could cause the IIS server to...

CVSS 5 | AI score 5.8 | EPSS 0.56391 | Exploits 0 | References 1
CERT | added 2001/07/17 12:0 a.m. | 46 views

iPlanet Directory Server contains multiple vulnerabilities in LDAP handling code

Overview: The iPlanet Directory Server contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product,...

AI score 7.8 | Exploits 0 | References 9
CERT | added 2019/07/15 12:0 a.m. | 45 views

LLVM's Arm stack protection feature can be rendered ineffective

Overview: The stack protection feature in LLVM's Arm backend can be rendered ineffective when the stack protector slot is re-allocated so that it appears after the local variables that it is meant to protect, leaving the function potentially vulnerable to a stack-based buffer overflow. Description:...

AI score 7 | Exploits 0 | References 6
CERT | added 2016/09/30 12:0 a.m. | 45 views

U by BB&T iOS banking application fails to properly validate SSL certificates

Overview: U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description: CWE-295: Improper Certificate Validation - CVE-2016-6550 U by BB&T is a banking...

CVSS 5.4 | AI score 5.2 | EPSS 0.00295 | Exploits 0 | References 3
CERT | added 2016/08/11 12:0 a.m. | 45 views

D-Link routers contain buffer overflow vulnerability

Overview: D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code. Description: CWE-121: Stack-based Buffer Overflow - CVE-2016-5681 A stack-based buffer overflow occurs in the function within the cgibin binary which validates...

CVSS 9.8 | AI score 9.9 | EPSS 0.11927 | Exploits 0 | References 3
CERT | added 2016/06/15 12:0 a.m. | 45 views

Adobe Flash memory corruption vulnerability

Overview: Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild. Description: Adobe Flash Player 21.0.0.242 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is...

CVSS 10 | AI score 9.5 | EPSS 0.19903 | Exploits 0 | References 5
CERT | added 2016/05/13 12:0 a.m. | 45 views

Lantronix xPrintServer contains multiple vulnerabilities

Overview: The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2014-9002 An unauthenticated attacker can include a shell command inside the 'c'...

CVSS 10 | AI score 10 | EPSS 0.05073 | Exploits 2 | References 3
CERT | added 2016/03/10 12:0 a.m. | 45 views

Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

Overview: Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution. Description: CWE-121: Stack-based Buffer Overflow - CVE-2016-2342 Quagga is a software routing suite that implements numerous...

CVSS 8.1 | AI score 8 | EPSS 0.1211 | Exploits 0 | References 3
CERT | added 2015/12/10 12:0 a.m. | 45 views

ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery

Overview: ZyXEL NBG-418N router, firmware version 1.00AADZ.3C0, uses default credentials and is vulnerable to cross-site request forgery. Description: CWE-255: Credentials Management - CVE-2015-7283 The ZyXEL NBG-418N web administration interface uses non-random default credentials of admin:1234. A...

CVSS 9.3 | AI score 8.2 | EPSS 0.03715 | Exploits 0 | References 1
CERT | added 2014/09/04 12:0 a.m. | 45 views

Netmaster cable modem information leakage vulnerability

Overview: The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default. Description: CWE-200: Information Exposure. The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password...

CVSS 5 | AI score 8.2 | EPSS 0.17133 | Exploits 3 | References 3
CERT | added 2014/09/04 12:0 a.m. | 45 views

Arris Touchstone cable modem information leakage vulnerability

Overview: Arris Touchstone DG950A cable modem enables SNMP public access by default. Description: CWE-200: Information Exposure. The Arris Touchstone DG950A cable modem running software version 7.10.131 was found to expose sensitive information such as passwords, ssids, and wifi keys via the SNMP...

CVSS 5 | AI score 8.3 | EPSS 0.17133 | Exploits 3 | References 3
CERT | added 2014/07/03 12:0 a.m. | 45 views

Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials

Overview: Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials (CWE-798). Description: Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...

CVSS 8.3 | AI score 7.4 | EPSS 0.01511 | Exploits 0 | References 1

Total number of security vulnerabilities: 3695