Subrion CMS vulnerable to SQL injection by an authenticated user
Overview Subrion CMS is vulnerable to SQL injection from authenticated users when a browser cookie is modified in a certain way. Description Subrion is an open source web-based content management system (CMS). Subrion is vulnerable to SQL injection due to deserialization of untrusted data from a...
Bomgar Remote Support Portal deserializes untrusted data
Overview Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation, allowing an attacker to potentially execute arbitrary PHP code. Description CWE-502: Deserialization of Untrusted Data Bomgar Remote Support version 14.3.1 and...
ICU Project ICU4C library contains multiple overflow vulnerabilities
Overview ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow. Description The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software...
EMC AutoStart is vulnerable to remote code execution via specially crafted packets
Overview EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets. Description EMC AutoStart is an enterprise software application developed to help networks and services maintain a high level of availability. AutoStart can manage clusters o...
Barracuda Web Filter insecurely performs SSL inspection
Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks, the...
NetNanny uses a shared private key and root CA
Overview NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...
Hewlett-Packard Network Automation contains multiple vulnerabilities
Overview HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface. Description HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cro...
Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure
Overview The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure. Description The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network. A cross-site scripting vulnerability...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox versions 8.1.x and below contain multiple vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2015-0967. SearchBlox contains multiple cross-site scripting (XSS) vulnerabilities, including a reflected XSS in...
Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
Overview Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...
NTP Project ntpd reference implementation contains multiple vulnerabilities
Overview NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. Description CVE-2015-1798, bug 2779: In NTP4 installations utilizing symmetric key authentication,...
X-Cart contains multiple vulnerabilities
Overview X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2015-0950. X-Cart versions 5.1...
Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link
Overview Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Description Multicast DNS (mDNS) is a way for...
Multiple SSL certificate authorities use predefined email addresses as proof of domain ownership
Overview Multiple SSL certificate authorities may issue certificates to a customer based solely on the control of certain email addresses. This may allow an attacker to obtain a valid SSL certificate to perform HTTPS spoofing without generating a warning in the client software. Description When a...
Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem
Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate have been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance. Description CWE-276: Incorrect...
NSIS Inetc plug-in fails to validate SSL certificates
Overview The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports...
BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM
Overview Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. According to Corey Kallenber...
HP ArcSight contains multiple vulnerabilities
Overview HP ArcSight Logger and ESM contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending. HP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...
D-Link DAP-1320 Rev Ax is vulnerable to a command injection
Overview The D-Link DAP-1320 Rev Ax firmware update mechanism contains a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). A remote unauthenticated attacker may execute commands on the device by taking...
D-Link DCS-93xL model family allows unrestricted upload
Overview The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attacker's system. Description CWE-434: Unrestricted Upload of File with Dangerous Type The D-Link DCS-93xL family of devices allo...
Telerik Analytics Monitor Library allows DLL hijacking
Overview Telerik Analytics Monitor Library is a third-party application analytics service that collects detailed application metrics for vendors. Some versions of the Telerik library allow DLL hijacking, allowing an attacker to load malicious code in the context of the Telerik-based application...
SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
Overview Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This iss...
ShareLaTeX vulnerable to remote command execution and information disclosure
Overview ShareLaTeX is a server-based software allowing group collaboration on LaTeX documents. ShareLaTeX prior to version 0.1.3 has been found to be vulnerable to command injections and information disclosure. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path...
Multiple Toshiba products are vulnerable to trusted service path privilege escalation
Overview Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability. Description CWE-428: Unquoted Search Path or Element Bluetooth Stack for Windows by Toshiba versions 9.10.27T and earlier, as well as TOSHIBA Service...
Adtrustmedia PrivDog fails to validate SSL certificates
Overview Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." PrivDog installs a Man-in-the-Middle (MITM) proxy as we...
Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
Overview Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing. Description Komodia Redirector SDK is a self-described "interception engine" designed to enable developers to integrate proxy services and w...
Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...
Microsoft Windows domain-configured client Group Policy fails to authenticate servers
Overview Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths. Description Microsoft has released MS15-011, detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers ov...
Topline Systems Opportunity Form vulnerable to information disclosure
Overview Topline Systems Opportunity Form contains an information disclosure vulnerability. Description CWE-200: Information Exposure Topline Systems Opportunity Form is a macro-enabled Excel spreadsheet that contains connection strings to a public-facing database. By running procedures included ...
Ektron Content Management System (CMS) contains multiple vulnerabilities
Overview Ektron Content Management System (CMS) versions 8.5, 8.7, and 9.0 contain an XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...
SerVision HVG Video Gateway web interface contains multiple vulnerabilities
Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, and CWE-284: Improper Access Control - CVE-2015-0929. By visiting time.htm, a user is issued a...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow
Overview The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". Description According to Qualys, the...
LabTech contains privilege escalation vulnerability
Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284: Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
iPass Open Mobile Windows Client contains a remote code execution vulnerability
Overview The iPass Open Mobile Windows Client versions 2.4.4 and earlier contains a remote code execution vulnerability. Description CWE-94: Improper Control of Generation of Code ('Code Injection'). The iPass Open Mobile Windows Client versions 2.4.4 and earlier utilizes named pipes for interproces...
Ceragon FiberAir IP-10 Microwave Bridge contains a default root password
Overview Ceragon FiberAir IP-10 Microwave Bridge contains a default root password. Description CWE-255: Credentials Management. Ceragon FiberAir IP-10 Microwave Bridges contain a default root password. The root account can be accessed through ssh, telnet, command line interface, or via HTTP. The...
Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Overview Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server. It has been...
UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script
Overview Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Overview A race condition exists in Intel chipsets that rely solely on the BIOSCNTL.BIOSWE and BIOSCNTL.BLE bits as a BIOS write locking mechanism. Successful exploitation of this vulnerability may result in a bypass of this locking mechanism. Description CWE-362: Concurrent Execution using Share...
Tianocore UEFI implementation reclaim function vulnerable to buffer overflow
Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Some commercial UEFI implementations...
AppsGeyser generates Android applications that fail to properly validate SSL certificates
Overview AppsGeyser generates applications that fail to properly validate SSL certificates. Description AppsGeyser is an online tool that generates Android applications. At the time of publication of this vulnerability note, the AppsGeyser website claims to have generated over 1.3 million Android...
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)
Overview The NTP Project ntpd version 4.2.7 and previous versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client...
Multiple broadband routers use vulnerable versions of Allegro RomPager
Overview Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases. Description Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to...
Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values
Overview The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-8272. The IPMI...
CA LISA Release Automation contains multiple vulnerabilities
Overview CA LISA Release Automation 4.7.1.385 contains multiple vulnerabilities. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-8246. CA LISA Release Automation 4.7.1.385 contains a global Cross-Site Request Forgery (CSRF) vulnerability. The application allows a malicious user to...
EMC Documentum products contain multiple vulnerabilities
Overview EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities. Description EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor,...
Honeywell OPOS suite Stack Buffer Overflow vulnerability
Overview The Honeywell OPOS (OLE for Retail Point-of-Sale, or POS) Suite is vulnerable to a stack buffer overflow attack. Description The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows...
Recursive DNS resolver implementations may follow referrals infinitely
Overview Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server. Description RFC 1034 describes the standard technical issues of enabling domain delegations in DNS, but does not provide a specific implementation, leaving DNS serve...
Zenoss Core contains multiple vulnerabilities
Overview The Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code. Description The Zenoss Core application, server, and network management platform software...
Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature
Overview Microsoft Windows Kerberos KDC contains a vulnerability allowing an authenticated unprivileged domain user to escalate privileges to a domain administrator account, allowing the user to compromise any computer on the domain. Description CWE-347: Improper Verification of Cryptographic...