Oracle 9iAS SOAP components allow anonymous users to deploy applications by default
Overview: Oracle Application Server 9iAS installs with Simple Object Access Protocol (SOAP) enabled by default and allows unauthenticated remote users to deploy and undeploy SOAP services and providers. Description: Oracle Application Server 9iAS supports Simple Object Access Protocol (SOAP), an...
UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script
Overview: Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description: According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE...
CA Siteminder login.fcc form XSS vulnerability
Overview: CA Siteminder R6 SP6 CR7, R12 SP3 CR8, and possibly previous versions are vulnerable to a reflected cross-site scripting (XSS) vulnerability. Description: According to CA's website: "CA SiteMinder provides a centralized security management foundation that enables the secure use of the web ...
Arcadyan-based routers and modems vulnerable to authentication bypass
Overview: A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan-based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration. Description: The...
PCAUSA Rawether for Windows local privilege escalation
Overview: PCAUSA's Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds when the driver receives network packets. This vulnerability may be exploited to perform local privilege escalation on...
Dahua Security DVRs contain multiple vulnerabilities
Overview: Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Description: Dahua Technologies Co., Ltd. produces DVR appliances that contain multiple vulnerabilities. CWE-798:...
ISC dhclient vulnerability
Overview: The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Description: According to ISC: ISC dhclient did not strip or escape certain shell meta-characters in responses from the DHCP server (like hostname) before passing the...
WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods
Overview: The WeOnlyDo! SFTP ActiveX control is incorrectly marked safe for scripting. This may allow a remote unauthenticated attacker to upload arbitrary files from a vulnerable system to an SFTP server or download arbitrary files from an SFTP server to a vulnerable system. Description:...
VERITAS NetBackup library buffer overflow vulnerability
Overview: A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: According to Symantec/VERITAS: A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted...
Multiple vulnerabilities in SNMPv1 request handling
Overview: Multiple vendor SNMPv1 GetRequest, GetNextRequest, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages yo...
Linksys SMART WiFi firmware contains multiple vulnerabilities
Overview: Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. Description: CWE-320: Key Management Errors - CVE-2014-8243. A remote, unauthenticated attacker can read the router's .htpassword file by requesting https:///.htpasswd. The .htpasswd file...
Huawei Echo Life HG8247 optical router XSS vulnerability
Overview: Huawei Echo Life HG8247 optical router contains a stored cross-site scripting (XSS) vulnerability. Description: It has been reported that Huawei Echo Life HG8247 optical routers running software version V1R006C00S120 or earlier contain a stored cross-site scripting (XSS) vulnerability. An...
Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
Overview: Microsoft Internet Information Server (IIS) servers support an HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookie...
Samba creates temporary files insecurely
Overview: Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description: Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of Samba handle temporary files in an insecure...
PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates
Overview: PrinterLogic Print Management Software fails to validate SSL and software update certificates, which could allow an attacker to reconfigure the software and remotely execute code. In addition, the PrinterLogic agent does not sanitize browser input, allowing a remote attacker to modify...
Sage XRT Treasury database fails to properly restrict access to authorized users
Overview: Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description: CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183. Sage XRT...
ASUS RT-N10E Wireless Router vulnerable to authentication bypass
Overview: ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability (CWE-592). Description: CWE-592: Authentication Bypass Issues. ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability. An attacker with network access to the device can navigate to the web page...
SNMPv3 improper HMAC validation allows authentication bypass
Overview: A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. Description: SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and...
Microsoft RPCSS Service contains memory leak in handling of specially crafted messages
Overview: Microsoft RPCSS Service contains a memory management vulnerability that may permit a remote attacker to cause a denial-of-service situation. Description: The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many versions o...
Microsoft Office mailto URI remote code execution
Overview: A vulnerability in the way that Microsoft Outlook handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description: Microsoft Outlook provides a centralized application for managing and organizing e-mail messages, schedules,...
OpenSSH vulnerabilities in challenge response handling
Overview: There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd (often root). The first vulnerability affects OpenSSH versions 2.9.9 through 3.3 that...
RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
Overview: RSI Video Technologies' Videofied security system uses software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description: Frontel uses a custom protocol running on TCP port 888. The protocol performs an...
Adobe Reader and Acrobat JBIG2 buffer overflow vulnerability
Overview: Adobe Reader and Acrobat contain a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description: Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
Overview: A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system. Description: The OpenSSL toolkit implements the Secure Sockets Layer (SSL) versions 2 and 3 and Transport Layer Security (TLS) version 1 protocols as well as a...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields
Overview: A buffer overflow in IIS could allow an intruder to execute arbitrary code with the privileges of the ASP ISAPI extension. Description: Like all web servers, IIS parses HTTP headers and decomposes them into their constituent parts. As part of this processing, IIS checks for delimiters that a...
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Overview: A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware that utilizes speculative execution and is vulnerable to Spectre v2 branch history injection (BHI) is likely affected. An unauthenticated...
TVT TD-2308SS-B DVR contains a directory traversal vulnerability
Overview: TVT TD-2308SS-B DVR and possibly other models contain a directory traversal vulnerability (CWE-22). Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). TVT TD-2308SS-B DVR and possibly other models running firmware version 3.2.0.P-3520A-00 conta...
Apache vulnerable to buffer overflow when expanding environment variables
Overview: There is a buffer overflow vulnerability in the ap_resolve_env function of Apache that could allow a local user to gain elevated privileges. Description: The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft...
Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability
Overview: Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Mozilla Firefox supports SVG animation through the use of SMIL. The...
Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets
Overview: Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Description: Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Additional details may be found in Junip...
Multiple vulnerabilities in SSL/TLS implementations
Overview: Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. Description: The U.K. National Infrastructure Security Co-ordination...
Cryptographic libraries and applications do not adequately defend against timing attacks
Overview: Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency...
GRUB2 bootloader is vulnerable to buffer overflow
Overview: The GRUB2 boot loader is vulnerable to a buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. Description: GRUB2 is a multiboot boot loader that replaced GRUB Legacy in 2012. A boot loader is the first program that runs upon...
F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution
Overview: F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a...
IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
Overview: IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI service that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java...
Multiple Netgear routers are vulnerable to arbitrary command injection
Overview: Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers, and possibly other models, are vulnerable to arbitrary command injection. Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-306:...
POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates
Overview: The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate. Description: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action. Guenter Obiltschnig o...
DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP
Overview: The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. Description: The DBPOWER U818A WIFI quadcopter drone is designed to record images and video from the air. The drone provides an undocumente...
Automated Solutions Modbus/TCP Master OPC server Modbus TCP header vulnerability
Overview: Automated Solutions OPC Server contains a heap corruption vulnerability in the Modbus/TCP Master OPC server. Description: Automated Solutions Modbus/TCP Master OPC Server contains a heap corruption vulnerability. The server is vulnerable to an attacker writing an arbitrary number of doubl...
Microsoft Routing and Remote Access does not properly handle RPC requests
Overview: There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system. Description: The Routing and Remote Access Service (RRAS) allows computers running the Windows 2000, XP, and Server 2003 operating systems...
Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)
Overview: A vulnerability that affects Microsoft IIS 5.0 and Exchange 2000 allows an intruder to disrupt IIS web services and web-based mail services served via an Exchange server. Description: Microsoft IIS 5.0 contains a vulnerability that allows an intruder to cause a memory allocation error by...
Implementations of UDP-based application protocols are vulnerable to network loops
Overview: A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based application protocols. An unauthenticated attacker can use maliciously crafted packets against a vulnerable UDP-based implementation of application protocols (e.g., DNS, NTP, TFTP) that can...
Treck IP stacks contain multiple vulnerabilities
Overview: Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description: Treck IP network stack software is designed for and used in a variety of embedded systems. T...
Seagate and LaCie wireless storage products contain multiple vulnerabilities
Overview: Multiple Seagate wireless storage products contain multiple vulnerabilities. Description: CWE-798: Use of Hard-coded Credentials - CVE-2015-2874. Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username an...
Majordomo 2 _list_file_get() directory traversal vulnerability
Overview: Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function, which may allow a remote, unauthenticated attacker to obtain sensitive information. Description: Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function (lib/Majordomo.pm) caused...
Apache Tomcat fails to properly handle cookies containing single quotes
Overview: Apache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking. Description: Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter...
Microsoft Winsock buffer overflow
Overview: A buffer overflow vulnerability in Microsoft Winsock may allow a remote attacker to execute arbitrary code on an affected system. Description: Winsock (Windows Socket 2) allows network applications to relay data across a network regardless of the network protocol being used. Microsoft's...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview: A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description: Oracle Extensions, ODCIIndex Interface, and ODCIIndexGetMetadata. Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
Multiple COM objects cause memory corruption in Microsoft Internet Explorer
Overview: Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. Description: Microsoft COM. Microsoft COM is a technology that allows programmers to create reusable software...
Microsoft Internet Explorer contains buffer overflow in processing of object types
Overview: A remotely exploitable vulnerability has been discovered in Internet Explorer. Exploitation of this vulnerability may lead to the execution of arbitrary code. Description: A remotely exploitable buffer overflow vulnerability has been discovered in Internet Explorer versions 5.1, 5.5 and...