3702 matches found
MobaXterm server may allow arbitrary command injection due to missing X11 authentication
Overview The MobaXterm server prior to verion 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244MobaXterm server prior to version 8.3 includes an X11 server listening on...
Qolsys IQ Panel contains multiple vulnerabilities
Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and...
EPSON Network Utility installs EpsonBidirectionalService with insecure permissions
Overview EPSON Network Utility contains a local privilege escalation vulnerability, which allows a local attacker to execute arbitrary code with SYSTEM privileges. Description CWE-276: Incorrect Default Permissions - CVE-2015-6034EPSON Network Utility v4.10 is an application that checks the print...
HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...
HP Photosmart B210 printer SMB server buffer overflow vulnerability
Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation previously sold under the name HP Client Automation agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
Medicomp MEDCIN Engine contains multiple vulnerabilities
Overview Medicomp's MEDCIN Engine provide electronic health records EHR tools and information to medical professionals. MEDCIN Engine versions before version 2.22.20153.226 are vulnerable to several buffer overflows. Description Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable...
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...
HP ArcSight Logger contains multiple vulnerabilities
Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization- CVE-2015-2136A remote authenticated user without Logger Search permissions may be able to bypass authorization...
Voice over LTE implementations contain multiple vulnerabilities
Overview Long Term Evolution LTE mobile networks are currently deployed through the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks n...
ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities
Overview Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. Description CWE-255: Credentials Management - CVE-2015-6016According to the reporter, the following models...
QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X
Overview QNAP QTS is a Network-Attached Storage NAS system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Description CWE-23: Relative Path Traversal - CVE-2015-6003 When the Apple Filing Protocol AFP is enabled, any OS X user account including th...
Datalex airline booking software allowed authorization bypass for arbitrary users
Overview Datalex provides a suite of software offerings for the airline industry which supports a customizable flight browsing, booking, payment, and analytics. The Datalex airline booking software contained an error in its error handling routines which allows authorization bypass and loss of...
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
Overview RFC 6265 previously RFC 2965 established HTTP State Management, also known as "cookies". In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information. Description HTTP cookies have long...
Web Reference Database (refbase) contains multiple vulnerabilities
Overview Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities. Description Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities.CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-6007 The application...
Securifi Almond routers contains multiple vulnerabilities
Overview Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-2914Securifi Almond and Almond 2015 use static source...
Impero Education Pro classroom management software vulnerable to remote code execution
Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic KeyCWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
Overview Studio for OrientDB Server Community Edition version prior to version 2.1.1 contains several vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-2912The Studio web interface to OrientDB contains a CSRF vulnerability. An attacker can perform actions with the...
Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities
Overview Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery CSRF. Description CWE-255: Credentials Management -...
Seagate and LaCie wireless storage products contain multiple vulnerabilities
Overview Multiple Seagate wireless storage products contain multiple vulnerabilities. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username an...
Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities
Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to...
Router devices do not implement sufficient UPnP authentication and security
Overview Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. Description The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally...
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Overview The Phillipine Long Distance Telephone PLDT company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...
DSL routers contain hard-coded "XXXXairocon" credentials
Overview DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone PLDT, and ZTE contain hard-coded "XXXXairocon" credentials Description CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...
Dedicated Micros DVR products use plaintext protocols and require no password by default
Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Overview Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It...
Cisco Prime Infrastructure contains SUID root binaries
Overview The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root. Description CWE-276: Incorrect Default Permissions Two binaries are included in Cisco Prime version 2.2 that run as...
Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
Overview Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities. Description CWE-259: Use of Hard-coded Password - CVE-2015-2904Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the...
Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities
Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...
Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials
Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...
Chiyu Technology fingerprint access control contains multiple vulnerabilities
Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting XSS vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS- CVE-2015-2870According to t...
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems...
Android Stagefright contains multiple vulnerabilities
Overview Stagefright is the media playback service for Android, introduced in Android 2.2 Froyo. Stagefright in versions of Android prior to 5.1.1r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device...
Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled
Overview Fiat Chrysler Automobiles FCA UConnect may allow a remote attacker to control physical vehicle functions. Description According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery CSRF. Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...
N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...
Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read
Overview Total Commander's File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker. Description CWE-125: Out-of-bounds Read - CVE-2015-2869An attacker that can control the contents of certain file types may be able to cause an out-of-bound...
Kaseya Virtual System Administrator contains multiple vulnerabilities
Overview Kaseya Virtual System Administrator VSA, versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities. Description CWE-22: Improper Limitation of Pathname to a Restricted Directory 'Path Traversal' - CVE-2015-2862Kaseya VSA is an IT management...
Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain amemory corruption...
Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 opaqueBackground property, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a use-after-fre...
Windows Adobe Type Manager privilege escalation vulnerability
Overview The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain SYSTEM privileges on an affected Windows system. Description Adobe Type Manager, which is provided by atmfd.dll, is a kernel module that is provided by Windows and provides...
Grandsteam GXV3611_HD camera is vulnerable to SQL injection
Overview The Grandsteam GXV3611HD is an IP network camera used for surveillance and security. The Grandsteam GXV3611HD is vulnerable to a SQL injection attack. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2015-2866The Grandstream...
Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.194 contain a use-after-free...
ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities
Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL...
Vesta Control Panel is vulnerable to cross-site request forgery
Overview Vesta Control Panel is vulnerable to a cross-site request forgery CSRF attack. Description CWE-352: Cross-Site Request Forgery CSRF- CVE-2015-2861Vesta Control Panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a...
Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates
Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate Swiftkey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-4640Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed...
Pearson ProctorCache contains hard coded credentials
Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package install...
Retrospect Backup Client uses weak password hashing
Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...
Avigilon Control Center is vulnerable to path traversal
Overview The Avigilon Control Center ACC is a server software for security and surveillance systems. The ACC Server is vulnerable to a path traversal attack, allowing an attacker to access any file on the server. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Pat...
CUPS print service is vulnerable to privilege escalation and cross-site scripting
Overview CUPS implements the Internet Printing Protocol IPP for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error. Description CWE-911: Improper Update of Reference Count - CVE-2015-1158An issue with how localized...