Oracle Outside In OS/2 Metafile parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow vulnerability in the OS/2 Metafile parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...
D-Link routers authenticate administrative access using specific User-Agent string
Overview Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be...
SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
Overview SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability CWE-91. Description CWE-611: Improper Restriction of XML External Entity Reference 'XXE' SAP Sybase Adaptive Server Enterprise ASE Version 15.7 ESD 2 contains an...
Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow vulnerability in the Microsoft Access 1.x database file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over...
HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
Overview HR Systems Strategies info:HR HRIS 7.9 and possibly earlier versions allow read access to a weakly obfuscated database password. This password is shared by all clients within an info:HR site. A local attacker can decipher the password and gain complete control of the database and...
Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass
Overview Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 and possibly earlier versions contains an authentication bypass vulnerability CWE-592. Description CWE-592: Authentication Bypass Issues Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 contain...
ASUS RT-N10E Wireless Router vulnerable to authentication bypass
Overview ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability CWE-592. Description CWE-592: Authentication Bypass Issues ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability. An attacker with network access to the device can navigate to the web page...
McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
Overview McAfee Managed Agent versions 4.5, 4.6, and possibly earlier versions contain a denial-of-service DoS vulnerability CWE-400. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' McAfee Managed Agent versions 4.5 and 4.6 contain a denial-of-service DoS vulnerability...
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Overview Baramundi Management Suite versions 7.5 to 8.9 contain multiple vulnerabilities related to clear-text credential storage and transmission. Description CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593 Baramundi Management Suite versions 7.5 to 8.9 transfers data in...
Microsoft Office 2010 Visio iFilter memory corruption vulnerability
Overview The Microsoft Office 2010 Visio iFilter contains a memory corruption vulnerability that can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office 2010 provides a set of iFilters that are used by a variety of applications to process Office...
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage, allowing a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...
HP System Management Homepage vulnerable to a denial-of-service condition
Overview HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow HP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. The remote attacker may send the...
KnowledgeView Editorial and Management application cross-site scripting vulnerability
Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' KnowledgeView Editorial and Management application contains a...
Dell iDRAC 6 and iDRAC 7 are vulnerable to a cross-site scripting (XSS) attack
Overview Dell iDRAC 6 version 1.41, Dell iDRAC 7 version 1.40.40 and possibly earlier versions contain a reflected cross-site scripting XSS CWE-79 vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Dell iDRAC 6 version 1.41 and De...
NETELLER Direct Payment API is not vulnerable to reported parameter manipulation
Overview NETELLER Direct Payment API version 4.1.6 and possibly earlier versions were reported to be vulnerable to parameter manipulation via a modified HTTP POST request. After further analysis and discussion with NETELLER, this report was found to be incorrect. The NETELLER Direct Payment API i...
Dahua Security DVRs contain multiple vulnerabilities
Overview Digital video recorders DVR produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Description Dahua Technologies Co., Ltd. produces DVR appliances that contain multiple vulnerabilities. CWE-798:...
Oracle E-Business Suite password disclosure vulnerability
Overview Oracle E-Business Suite 12.0-12.1, when used with the native login pages or single sign-on SSO / Oracle Access Management OAM with the native login pages, contains a credential exposure vulnerability. Description Oracle E-Business Suite administrators who have applied CPU patches for Jul...
Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS)
Overview Cisco Prime NCS and WCS Health Monitor Login pages contain a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Cisco Prime Network Control System NCS and Wireless Control System...
AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage CWE-200. Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607 The Supermicro IPMI web interface contains multiple buffer...
Coursemill Learning Management System contains multiple vulnerabilities
Overview Coursemill Learning Management System version 6.6 and 6.8 contains multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter - CVE-2013-3599 In Coursemill 6.6, when loading the home page /coursemill/cm0660/home.html the response to the userlogin.js...
Corporater EPM Suite is vulnerable to cross-site request forgery and cross-site scripting
Overview Corporater EPM Suite contains cross-site request forgery CSRF CWE-352 and reflected cross-site scripting XSS CWE-79 vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2013-3583 Corporater EPM Suite contains a cross-site request forgery vulnerability on the...
Real Media Player filename handler stack buffer overflow vulnerability
Overview Real Media Player fails to parse filenames correctly, which may allow a remote, unauthenticated attacker to execute arbitrary code in the context of the logged in user. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-4973 Real Media Player versions prior to version 16.0.3.51 a...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system. Description SearchBlox versions 7.4 Build 1 and older contain multiple...
Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure
Overview Samsung Web Viewer for Samsung DVR contains multiple vulnerabilities including: Cleartext Storage in a File or on Disk CWE-313 and Authentication Bypass by Assumed-Immutable Data CWE-302. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2013-3585 Web Viewer for Samsung DV...
Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow
Overview Dell BIOS in some older Latitude laptops and Precision Mobile Workstations is vulnerable to buffer overflows CWE-119, which can bypass the signed BIOS enforcement standard. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer Dell BIOS in some olde...
Huawei networking equipment weak password cipher
Overview Huawei networking equipment uses a DES encryption algorithm for password and encryption. DES is publicly known to be easily cracked. Description Huawei Security Advisory Huawei-SA-20120827-01-CX600 states: In multiple Huawei products, DES encryption algorithm is used for password and the...
Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
Overview The Open Shortest Path First OSPF protocol does not specify unique Link State Advertisement LSA lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service DoS attack. Description CWE-694: Use of Multiple Resources with a Duplicate Identifier The OSPF...
BREACH vulnerability in compressed HTTPS
Overview By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description Angelo Prado of Salesforce.com reports: Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20: Improper Input Validation - CVE-2013-3580 TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...
Verizon Wireless Network Extender multiple vulnerabilities
Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...
Wave EMBASSY Remote Administration Server SQL injection vulnerabilities
Overview The Wave EMBASSY Remote Administration Server ERAS contains the ERAS Help Desk application that fails to filter user input allowing for the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote authenticated attacker to execute procedures or SQL queries...
Choice Wireless Green Packet 4G WiMax modem vulnerability
Overview Choice Wireless Green Packet 4G WiMax modem, model number WIXFMR-111, fails to properly validate ajax requests allowing a remote unauthenticated attacker to view system configuration information or possibly execute commands on the device. Description It has been reported that Choice...
Lookout Mobile Security contains a denial-of-service vulnerability
Overview Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability. Description Lookout Mobile Security version 8.14.1-7fe5f1 crashes if an intent is sent to com.lookout.security.ScanTell with no arguments. --- Impact A malicious...
Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
Overview Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System EAS devices exposed a shared private root SSH key in publicly available firmware images. An attacker with SSH access to a device could use the key to log in with root privileges. Description The Digit...
Oracle Javadoc HTML frame injection vulnerability
Overview Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page. Description...
HP System Management Homepage contains a command injection vulnerability
Overview HP System Management Homepage contains a command injection vulnerability CWE-77 that may result in arbitrary command execution and privilege escalation. Description Markus Wulftange from Daimler TSS reports: The vulnerability is located in the ginkgosnmp.inc PHP file in the...
HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities
Overview HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contain multiple vulnerabilities. Description It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contain multiple vulnerabilities that can be exploited by a remote attacker to execute...
Faircom c-treeACE database weak obfuscation algorithm vulnerability
Overview Faircom c-treeACE provides a weak obfuscation algorithm CWE-327 that may be unobfuscated without knowledge of a key or password. The algorithm was formerly called Faircom Standard Encryption but is now called Data Camouflage. Description Faircom c-treeACE provides a weak obfuscation...
Parallels Plesk Panel phppath/php vulnerability
Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...
IBM QRadar SIEM command injection vulnerability
Overview IBM QRadar SIEM software contains a command injection vulnerability that allows an authenticated user to execute operating system commands on the QRadar device. Description The IBM security bulletin for CVE-2013-2970 states: A command injection vulnerability has been discovered within the...
QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities
Overview QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS contain multiple vulnerabilities which may allow an attacker to perform administrative functions against the hosted server. Description QNAP VioStor NVR firmware version 4.0.3 and possibly earlier version...
Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability
Overview The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Description The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array...
Mutiny Appliance contains multiple directory traversal vulnerabilities
Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...
Serva32 2.1.0 TFTPD service buffer overflow vulnerability
Overview Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability. Description The Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability when parsing large read requests. When the application reads in a large buffer the application crashes. --- Impact An unauthenticated...
Adobe ColdFusion 9 & 10 code injection vulnerability
Overview Adobe ColdFusion 9, 9.0.1, 9.0.2 with the APSB13-03 hotfix and 10 are vulnerable to a code injection vulnerability when ColdFusion is configured to not require authentication and RDS is disabled. Description Adobe ColdFusion is vulnerable to a code injection attack when RDS is disabled a...
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
Overview Microsoft Internet Explorer 8 contains a use-after-free vulnerability in the CGenericElement object, which is currently being exploited in the wild. Description Microsoft Security Advisory 2847140 states: Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer...
IBM Notes runs arbitrary JAVA and Javascript in emails
Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states: Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...
McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities
Overview McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated SQL injection and directory path traversal vulnerability which could allow an attacker to inject malicious code into the system. Description McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticat...
Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations
Overview Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...