Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer
Overview A vulnerability in Microsoft Windows OLE could allow remote code execution if a user views a specially-crafted web page in Internet Explorer. Description The Microsoft Windows OLE OleAut32.dll library provides the SafeArrayRedim function that allows resizing of SAFEARRAY objects in memor...
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
Overview A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets. Description Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw...
IBM Notes Traveler for Android transmits user credentials over HTTP
Overview The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information. Description IBM Notes Traveler (formerly known as Lotus Notes Traveler) is an application that allows access to email,...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883 The DNS resolver implemented in all versions of uIP, as well as lwIP...
Linksys SMART WiFi firmware contains multiple vulnerabilities
Overview Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. Description CWE-320: Key Management Errors - CVE-2014-8243 A remote, unauthenticated attacker can read the router's .htpassword file by requesting https:///.htpasswd. The .htpasswd file...
drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery
Overview drchrono Electronic Health Record (EHR) web applications allow cross-site scripting (XSS) and cross-site request forgery (CSRF) that could allow an attacker to obtain sensitive patient information. Description drchrono provides an EHR web application service at drchrono.com, onpatient.com, and...
GNU Wget creates arbitrary symbolic links during recursive FTP download
Overview GNU wget allows arbitrary filesystem access when creating symbolic links during a recursive FTP download. This allows an attacker to overwrite files with the permissions of the user running wget. Description CWE-59: Improper Link Resolution Before File Access ('Link Following') Wget...
Incorrect implementation of NAT-PMP in multiple devices
Overview Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping...
Centreon contains multiple vulnerabilities
Overview Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-3829 Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are...
POODLE vulnerability in SSL 3.0
Overview Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when cipher-block chaining (CBC) mode is used. This is commonly referred to as the "POODLE" (Padding Oracle On Downgraded Legacy Encryption) attack. Description CWE-327: U...
IBM WebSphere Application Server contains multiple vulnerabilities
Overview IBM WebSphere Application Server, including the Hypervisor Edition, contains cross-site scripting and cross-site request forgery vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-4770 IBM WebSphere Applicatio...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities. Description CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
Cryoserver Security Appliance vulnerable to privilege escalation
Overview Cryoserver Security Appliance 7.3.x is vulnerable to privilege escalation. Description CWE-264: Permissions, Privileges, and Access Controls Cryoserver Security Appliance 7.3.x does not properly assign permission to the /etc/init.d/cryoserver shell script and allows the default support accou...
Rejetto HTTP File Server (HFS) search feature fails to handle null bytes
Overview Rejetto HTTP File Server (HFS) search feature in versions 2.3, 2.3a, and 2.3b fails to handle null bytes. Description CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287 Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a...
NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting vulnerability
Overview NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting (XSS) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') NetCommWireless NB604N ADSL2+ Wireless N300 Modem Routers running...
HP System Management Homepage vulnerable to cross-site scripting
Overview HP System Management Homepage versions 7.2.3 and 7.3.2.1 contain a reflected cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-2640 HP System Management Homepage versions 7.2.3 and 7.3.2.1...
Brocade Vyatta 5400 vRouter contains multiple vulnerabilities
Overview Brocade Vyatta 5400 vRouter versions 6.4Rx, 6.6Rx, and 6.7R1 contain multiple vulnerabilities. Description Brocade Vyatta 5400 vRouter versions 6.4Rx, 6.6Rx, and 6.7R1 contain the following vulnerabilities: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS...
GNU Bash shell executes commands in exported functions in environment variables
Overview GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. Description UPDATE: New CVE-IDs added for incomplete patches. Additional resources added and vendor patch information updated. CWE-78: OS Command Injection Bash supports exporting of...
Mozilla Network Security Services (NSS) fails to properly verify RSA signatures
Overview The Mozilla Network Security Services (NSS) library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge an RSA signature, such as an SSL certificate. Description CWE-295: Improper Certificate Validation RSA...
FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities
Overview Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122). Description Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks (CWE-300) and a...
Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow
Overview Embarcadero Delphi and C++ Builder Visual Component Library (VCL) bitmap (BMP) file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code. Description Embarcadero Delphi and C++ Builder tools contain a buffer overflow (CWE-119) in VCL BMP file...
CacheGuard OS contains a cross-site request forgery vulnerability
Overview CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. Description CWE-352: Cross-Site Request Forgery (CSRF) CacheGuard OS v5.7.7 does not sufficiently verify wheth...
Netgear ProSafe Plus Configuration Utility writes out plaintext passwords to backup configuration files
Overview The Netgear ProSafe Plus Configuration Utility exposes password information via the configuration backup file. Description CWE-200: Information Exposure The Netgear ProSafe Plus Configuration Utility provides a feature to back up switch configuration. In the backup file, the device...
Netmaster cable modem information leakage vulnerability
Overview The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default. Description CWE-200: Information Exposure The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password...
Arris Touchstone cable modem information leakage vulnerability
Overview Arris Touchstone DG950A cable modem enables SNMP public access by default. Description CWE-200: Information Exposure The Arris Touchstone DG950A cable modem running software version 7.10.131 was found to expose sensitive information such as passwords, SSIDs, and Wi-Fi keys via the SNMP...
Multiple Android applications fail to properly validate SSL certificates
Overview Multiple Android applications fail to properly validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description When communicating via HTTPS, an application should validate the SSL chain to be sure that the...
Iridium Pilot and OpenPort contain multiple vulnerabilities
Overview Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perfo...
Cobham Aviator satellite terminals contain multiple vulnerabilities
Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...
Cobham Sailor 6000 series satellite terminals contain hardcoded credentials
Overview Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. Description Note: this is a different vulnerability from VU460687 CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite...
UEFI EDK2 Capsule Update vulnerabilities
Overview The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description The open source EDK2 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Researchers at The MITRE Corporation have discovered...
Cobham thraneLINK improper verification of firmware updates vulnerability
Overview Cobham's thraneLINK protocol does not verify cryptographic signatures for firmware updates before installing them. This may allow an attacker to deploy a malicious firmware update to the device. Description CWE-347: Improper Verification of Cryptographic Signature IOActive reports that...
Cobham SATCOM products' web interface contains a weak password recovery vulnerability
Overview Some Cobham products have a web interface that contains a weak password recovery mechanism for the administrator account. Description CWE-640: Weak Password Recovery Mechanism for Forgotten Password IOActive has reported that Cobham SAILOR 900 VSAT, SAILOR FleetBroadBand 150/250/500,...
Cobham Sailor satellite terminals contain hardcoded credentials
Overview Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. Description CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcod...
Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability
Overview Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability. Description CWE-788: Access of Memory Location After End of Buffer An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow ...
Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
Overview Silver Peak VX version 6.2.2.047968 is vulnerable to cross-site request forgery and cross-site scripting. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-2974 Silver Peak VX version 6.2.2.047968 contains a cross-site request forgery vulnerability in /php/useraccount.php...
Sabre AirCentre Crew solutions contain a SQL injection vulnerability
Overview Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier contain an SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier are...
TestRail cross-site scripting vulnerability
Overview TestRail version 3.1.1.3130 contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Gurock Software TestRail version 3.1.1.3130 contains a stored cross-site scripting vulnerability. The Created ...
BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow
Overview BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow. Description CWE-121: Stack-based Buffer Overflow BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow,...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20: Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
Huawei E355 contains a stored cross-site scripting vulnerability
Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected...
MicroPact iComplaints cross-site scripting vulnerability
Overview MicroPact iComplaints contains a persistent cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' MicroPact iComplaints contains a persistent cross-site scripting vulnerability. The AddStdLetter.jsp file...
Kaseya's agent driver contains NULL pointer dereference
Overview Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. Description CWE-476: NULL Pointer Dereference Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. --- Impact A local authenticated attacker may be able to cause a denial-of-service...
Datum Systems satellite modem devices contain multiple vulnerabilities
Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Description CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950 The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...
Raritan PX power distribution software is vulnerable to the cipher zero attack.
Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description CWE-287: Improper...
Liferay Portal PCE contains multiple cross-site scripting vulnerabilities
Overview Liferay Portal versions 6.1.2 CE GA3, 6.1.X EE, 6.2.X EE, Master contain multiple cross-site scripting vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-2963 Liferay is affected by a Persistent Cross Site...
AVG Safeguard and Secure Search ActiveX controls provide insecure methods
Overview The AVG Secure Search toolbar, also known as AVG Safeguard, includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description AVG Secure Search is a toolbar add-on...
Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials
Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...
Autodesk VRED contains an unauthenticated remote code execution vulnerability
Overview Autodesk VRED contains an unauthenticated remote code execution vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection': Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability...
SpamTitan contains a reflected cross-site scripting (XSS) vulnerability
Overview SpamTitan contains a reflected cross-site scripting (XSS) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management...
Belkin N150 path traversal vulnerability
Overview Belkin N150 wireless routers contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2962 Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability...