3702 matches found
Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
Overview The Windows Local Security Authority Service Server LSASS contains a vulnerability that may permit an attacker to completely compromise the system. Description A buffer overflow vulnerability exists in a Microsoft Active Directory service logging function that is exposed by the LSASS...
Hewlett Packard JetDirect-enabled printers disclose Telnet/HTTP passwords in hex format via "SNMP READ" request
Overview Hewlett Packard HP printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request. Description HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the...
NicheStack embedded TCP/IP has vulnerabilities
Overview HCC Embedded's software called InterNiche stack NicheStack and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as...
Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
Overview Bluetooth Low Energy BLE and Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using an agreed upon Association Model. It is possible for an...
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
Overview The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for...
AirDroid web interface XSS vulnerability
Overview AirDroid web interface contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'The AirDroid web interface fails to sanitize malicious code within a text message on the target phone causing the script to be execut...
Image files in UEFI can be abused to modify boot behavior
Overview Implementation of Unified Extensible Firmware Interface UEFI by Vendors provide a way to customize logo image displayed during the early boot phase. Binarly has uncovered vulnerabilities in the image parsing libraries that provide this capability. An attacker with local privileged access...
HP System Management Homepage contains a command injection vulnerability
Overview HP System Management Homepage contains a command injection vulnerability CWE-77 that may result in arbitrary command execution and privilege escalation. Description Markus Wulftange from Daimler TSS reports: The vulnerability is located in the ginkgosnmp.inc PHP file in the...
Microsoft Internet Explorer 8 use-after-free vulnerability
Overview Microsoft Internet Explorer 8 is susceptible to a use-after-free vulnerability in the mshtml.dll library. Description The use-after-free vulnerability is triggered when handling circular memory references. Full details of the crash can be found at Michal Zalewski's website. Additional...
Mozilla denial of service vulnerability
Overview Certain Mozilla products contain a denial-of-service vulnerability. Description Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the jsdtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and...
Sun Solaris dtmail contains a format string vulnerability
Overview A vulnerability in the way dtmail handles command-line arguments could allow an attacker to execute arbitrary code. Description The dtmail program is a mail user agent MUA for the Common Desktop Environment CDE. It provides a graphical user interface for reading, sending, and managing...
CacheGuard OS contains a cross-site request forgery vulnerability
Overview CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. Description CWE-352: Cross-Site Request Forgery CSRF CacheGuard OS v5.7.7 does not sufficiently verify wheth...
D-Link DSL2730U router restricted telnet shell command whitelisting bypass
Overview D-Link DSL2730U routers contain a restricted telnet shell with limited allowed commands. An authenticated attacker can chain unauthorized commands through authorized commands in order to bypass the command whitelisting. Description CWE-78: Improper Neutralization of Special Elements used...
Mozilla Firefox command line URI handling vulnerability
Overview Mozilla Firefox contains a vulnerability that may allow an attacker to bypass security restrictions by opening specially crafted URIs using the Firefox command line interface. Description Mozilla Firefox can process URIs from its command line interface that can be accessed by users or...
Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset impac...
Voice over LTE implementations contain multiple vulnerabilities
Overview Long Term Evolution LTE mobile networks are currently deployed through the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks n...
Microsoft Windows automatically executes code specified in shortcut files
Overview Microsoft Windows automatically executes code specified in shortcut LNK and PIF files. Description Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. A PIF file is a shortcut to a MS-DOS application. Clicking on a LNK or PIF file has...
Adobe Acrobat Plug-In cross domain violation
Overview The Adobe Acrobat Plug-In fails to properly validate user-supplied content, which may allow for cross-site scripting. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...
Linux kernel do_brk() function contains integer overflow
Overview A vulnerability in the linux kernel may permit a local user to gain elevated privileges. Description Versions of the Linux kernel prior to 2.4.23 an integer overflow vulnerability in the brk system call dobrk function. This vulnerability may be exploited by a local user to gain elevated ...
3Com HomeConnect Cable Modem vulnerable to DoS via long string of characters
Overview Intruders can disrupt the normal operation of a 3Com HomeConnect Cable Modem. Description The 3Com HomeConnect Cable Modem contains a web server. This web server is used to administer the cable modem. By default, this web server is configured to allow any user local or remote to connect ...
BMC software fails to validate IPMI session.
Overview The Intelligent Platform Management Interface IPMI implementations in multiple manufacturer's Baseboard Management Controller BMC software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network with IPMI enabled can abuse the lack of session integrity to...
Recursive DNS resolver implementations may follow referrals infinitely
Overview Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server. Description RFC 1034 describes the standard technical issues of enabling domain delegations in DNS, but does not provide a specific implementation, leaving DNS serve...
Brocade BigIron RX switch ACL bypass vulnerability
Overview Brocade BigIron RX switch devices are susceptible to an access control list ACL bypass vulnerability by sending packets with the source port 179. Description Brocade BigIron RX switch devices do not properly restricted packets sent with a source port of 179. Port 179 is commonly used for...
Apple Safari window object invalid pointer vulnerability
Overview Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Safari fails to properly handle references to window objects. Safari can allow a window object t...
BIND DNS Nameserver, DNSSEC validation Vulnerability
Overview A vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache. Description BIND 9 contains a vulnerability in the way recursive client queries are handled. According to ISC:A nameserver with DNSSEC validation enabled...
OpenSSH contains a race condition vulnerability
Overview A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol.The OpenSSH server includes the...
Microsoft COM+ contains a memory management flaw
Overview Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system. Description Microsoft gives the following definition of COM+: COM+ is the next step in the evolution of the Microsoft Component Object Model...
libpng contains integer overflows in progressive display image reading
Overview The Portable Network Graphics library libpng contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...
cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgisco.c
Overview There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code. Description cgiemail is a CGI program maintained that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffe...
Ragentek Android OTA update mechanism vulnerable to MITM attack
Overview Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6564 Android...
NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities
Overview NUUO NVRmini 2, NVRsolo, Crystal, and Netgear ReadyNAS Surveillance products have web management interfaces containing multiple vulnerabilities that can be leveraged to gain complete control of affected devices. Description NUUO NVRmini 2, NVRsolo, and Crystal, and Netgear ReadyNAS...
Harman AMX multimedia devices contain hard-coded credentials
Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-8362According to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded "backdoor" account with...
Toshiba 4690 OS contains an information disclosure vulnerability
Overview The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains an information disclosure vulnerability. Description CWE-200: Information Exposure - CVE-2014-4876The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains...
Huawei E585 pocket wifi 2 device contains multiple vulnerabilities
Overview The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrative functions on the device. Description The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrati...
MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities
Overview Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. Description Several vulnerabilities exist in the Authentication Service and Key Distributio...
Linux kernel fails to properly handle malformed SCTP packets
Overview It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks. Description The Stream Control Transmission Protocol SCTP, RFC 2960 is a transport layer protocol which provides reliable, sequential transport of message streams with congestio...
CGI.pm vulnerable to Cross-site Scripting
Overview A vulnerability in the Common Gateway Interface CGI Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
Apache Portable Runtime contains heap buffer overflow in apr_psprintf()
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server. Description The Apache HTTP server contains a heap buffer overflow vulnerability in the aprpsprintf function. The Apache Softwar...
Sun ONE Directory Server "ns-ldapd" can be terminated by unprivileged user
Overview A denial-of-service vulnerability exists in the Sun ONE Directory Server. This vulnerability may allow a remote attacker to effectively terminate directory services on the affected host. Description Sun describes the Sun ONE Directory Server asa software product that provides a central...
iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel lio_listio() function
Overview iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the GNU kernel's liolistio function, which can allow a malicious application to achieve unsandboxed, kernel-level code execution. Description iOS, iPadOS, tvOS, watchOS, and macOS contain an a double-free...
Microsoft Windows DNS servers are vulnerable to heap overflow
Overview Microsoft Windows DNS servers are vulnerable to heap overflow attacks, enabling unauthenticated attackers to send malicious requests to affected servers. Description CWE-122: Heap-based Buffer Overflow - CVE-2018-8626Microsoft Windows Domain Name System DNS servers are vulnerable to heap...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
Java 7 fails to restrict access to privileged code
Overview Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Oracle Java Runtime Environment JRE 1.7 allows users to run Java applications in a browser or as...
TWiki command execution vulnerability
Overview The TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files. Description TWiki is a wiki that is runs in the context of the Apache web server. TWiki is installed by...
Ruby WEBrick vulnerable to directory traversal
Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...
Adobe Flash Player long string buffer overflow
Overview Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...
Microsoft Virtual Machine allows applets write access to the Standard Security Manager
Overview A flaw in the Microsoft virtual machine Microsoft VM could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition. Description The Microsoft virtual machine Microsoft VM enables Java programs to run on Windows platforms. T...
Format string input validation error in wu-ftpd site_exec() function
Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...
Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities
Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to...
Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
Overview Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities. Description CWE-259: Use of Hard-coded Password - CVE-2015-2904Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the...