HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
HP ArcSight Logger contains multiple vulnerabilities
Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization - CVE-2015-2136 A remote authenticated user without Logger Search permissions may be able to bypass authorization...
Voice over LTE implementations contain multiple vulnerabilities
Overview Long Term Evolution (LTE) mobile networks are currently deployed throughout the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks n...
ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities
Overview Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. Description CWE-255: Credentials Management - CVE-2015-6016 According to the reporter, the following models...
QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X
Overview QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Description CWE-23: Relative Path Traversal - CVE-2015-6003 When the Apple Filing Protocol (AFP) is enabled, any OS X user account including th...
Datalex airline booking software allowed authorization bypass for arbitrary users
Overview Datalex provides a suite of software offerings for the airline industry which supports customizable flight browsing, booking, payment, and analytics. The Datalex airline booking software contained an error in its error handling routines which allows authorization bypass and loss of...
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
Overview RFC 6265 (previously RFC 2965) established HTTP State Management, also known as "cookies". In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information. Description HTTP cookies have long...
Web Reference Database (refbase) contains multiple vulnerabilities
Overview Web Reference Database (refbase) versions 0.9.6 and possibly earlier contain multiple vulnerabilities. Description Web Reference Database (refbase) versions 0.9.6 and possibly earlier contain multiple vulnerabilities. CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-6007 The application...
Securifi Almond routers contain multiple vulnerabilities
Overview Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-2914 Securifi Almond and Almond 2015 use static source...
Impero Education Pro classroom management software vulnerable to remote code execution
Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic Key; CWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...
Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities
Overview Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Description CWE-255: Credentials Management -...
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
Overview Studio for OrientDB Server Community Edition prior to version 2.1.1 contains several vulnerabilities. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2912 The Studio web interface to OrientDB contains a CSRF vulnerability. An attacker can perform actions with the...
Seagate and LaCie wireless storage products contain multiple vulnerabilities
Overview Multiple Seagate wireless storage products contain multiple vulnerabilities. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username an...
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Overview The Philippine Long Distance Telephone (PLDT) company provides internet access in the Philippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...
Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities
Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987 DNS queries originating from the Belkin N600, such as those to...
Router devices do not implement sufficient UPnP authentication and security
Overview Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. Description The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally...
DSL routers contain hard-coded "XXXXairocon" credentials
Overview DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded "XXXXairocon" credentials. Description CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine...
Dedicated Micros DVR products use plaintext protocols and require no password by default
Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Overview Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It...
Cisco Prime Infrastructure contains SUID root binaries
Overview The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root. Description CWE-276: Incorrect Default Permissions Two binaries are included in Cisco Prime version 2.2 that run as...
Mobile Devices C4 OBD2 dongle contains multiple vulnerabilities
Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities. Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...
Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
Overview Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities. Description CWE-259: Use of Hard-coded Password - CVE-2015-2904 Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the...
Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials
Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897 Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...
Chiyu Technology fingerprint access control contains multiple vulnerabilities
Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870 According to t...
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems...
Android Stagefright contains multiple vulnerabilities
Overview Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device...
Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled
Overview Fiat Chrysler Automobiles (FCA) UConnect may allow a remote attacker to control physical vehicle functions. Description According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery (CSRF). Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847 The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...
Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read
Overview Total Commander's File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker. Description CWE-125: Out-of-bounds Read - CVE-2015-2869 An attacker that can control the contents of certain file types may be able to cause an out-of-bound...
N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...
Kaseya Virtual System Administrator contains multiple vulnerabilities
Overview Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities. Description CWE-22: Improper Limitation of Pathname to a Restricted Directory 'Path Traversal' - CVE-2015-2862 Kaseya VSA is an IT management...
Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a memory corruption...
Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 opaqueBackground property, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a use-after-fre...
Windows Adobe Type Manager privilege escalation vulnerability
Overview The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain SYSTEM privileges on an affected Windows system. Description Adobe Type Manager, which is provided by atmfd.dll, is a kernel module that is provided by Windows and provides...
Grandstream GXV3611_HD camera is vulnerable to SQL injection
Overview The Grandstream GXV3611_HD is an IP network camera used for surveillance and security. The Grandstream GXV3611_HD is vulnerable to a SQL injection attack. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2015-2866 The Grandstream...
Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.194 contain a use-after-free...
ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities
Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL...
Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates
Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate SwiftKey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-4640 Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed...
Vesta Control Panel is vulnerable to cross-site request forgery
Overview Vesta Control Panel is vulnerable to a cross-site request forgery (CSRF) attack. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2861 Vesta Control Panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a...
Pearson ProctorCache contains hard coded credentials
Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package install...
Retrospect Backup Client uses weak password hashing
Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...
Avigilon Control Center is vulnerable to path traversal
Overview The Avigilon Control Center (ACC) is a server software for security and surveillance systems. The ACC Server is vulnerable to a path traversal attack, allowing an attacker to access any file on the server. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Pat...
CUPS print service is vulnerable to privilege escalation and cross-site scripting
Overview CUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error. Description CWE-911: Improper Update of Reference Count - CVE-2015-1158 An issue with how localized...
Aptexx Resident Anywhere exposes sensitive account information
Overview Aptexx Resident Anywhere does not require authentication to view and modify sensitive information contained in direct account and payment URLs, which can be leveraged to bypass authentication and access user accounts. Description CWE-288: Authentication Bypass Using an Alternate Path or...
Toshiba 4690 OS contains an information disclosure vulnerability
Overview The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains an information disclosure vulnerability. Description CWE-200: Information Exposure - CVE-2014-4876 The Toshiba 4690 operating system, version 6 Release 3 and possibly earlier versions, contains...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875 Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
McAfee ePolicy Orchestrator fails to properly validate SSL/TLS certificates
Overview McAfee ePolicy Orchestrator versions 4.6.8 and earlier and 5.1.1 and earlier fail to properly validate SSL/TLS certificates. Description CWE-295: Improper Certificate Validation - CVE-2015-2859 McAfee ePolicy Orchestrator (ePO) supports integration with external registered servers for a...
Blue Coat SSL Visibility Appliance contains multiple vulnerabilities
Overview Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. Description Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. CWE-352: Cross-Site...
Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
Overview The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files. Description CWE-276: Incorrect Default Permissions - CVE-2015-2851 The Synology Cloud Station sync client for OS X contains an executable named...
KCodes NetUSB kernel driver is vulnerable to buffer overflow
Overview KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution. Description KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network. CWE-120: Buffer Copy...