Esri ArcGIS server 10.1 contains a blind SQL injection vulnerability
Overview Esri's ArcGIS server version 10.1 contains a blind SQL injection vulnerability that allows remote attackers to execute a subset of SQL commands via a query operation where clause. Description The Esri ArcGIS server version 10.1 contains a blind SQL injection vulnerability CWE-89 for REST...
Agile FleetCommander and FleetCommander Kiosk versions prior to 4.08 contain multiple vulnerabilities
Overview Agile FleetCommander and FleetCommander Kiosk were found to have multiple XSS, CSRF, information disclosure and SQLi vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2012-4941 SQL Injection Vulnerabilities:...
VeriCentre web application SQL injection vulnerability
Overview The VeriCentre web application contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' The VeriCentre web application contains a SQL injection vulnerability within the TerminalId, ModelName, and...
Symantec Antivirus products fail to properly handle CAB files
Overview Multiple Symantec Antivirus products fail to properly handle CAB files, which may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description The CAB file decomposer component that is used by multiple Symantec Antivirus products fails to properl...
Sophos Antivirus contains multiple vulnerabilities
Overview Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Description Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Tavis Ormandy's security report lists the following vulnerabilities...
Fortigate UTM appliances share the same default CA certificate
Overview Fortigate UTM appliances that support SSL/TLS deep packet inspection share the same self-signed Fortigate CA certificate and associated private key across all devices. The private key, which has been compromised, allows attackers to create and sign fake certificates. Description Fortigat...
Pattern Insight 2.3 contains multiple vulnerabilities
Overview The Pattern Insight web interface contains multiple vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF CVE-2012-4935: Pattern Insight: CSRF protections do not exist. When an already authorized victim navigates to a malicious site containing a hidden form request, it is...
SolarWinds Orion IPAM web interface reflected XSS vulnerability
Overview SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. ...
Axigen Mail Server directory traversal vulnerability
Overview Axigen Mail Server contains a directory traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory Axigen Mail Server has a web-based administration site which allows authorized administrators to perform certain actions via HTTP. The 'View Log...
CA ARCserve Backup opcode 0x7a RWSList remote code execution vulnerability
Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a pre-authentication remote code execution vulnerability. Arbitrary code will run with NT AUTHORITY\SYSTEM privileges. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Securit...
CA ARCserve Backup authentication service denial-of-service vulnerability
Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Security advisory states: By specifying an invalid field size for the encrypted username or...
TomatoCart with PayPal Express Checkout design flaw vulnerability
Overview TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mod...
HP/H3C and Huawei networking equipment h3c-user SNMP vulnerability
Overview HP/H3C and Huawei networking equipment contains a vulnerability which could allow an attacker to access administrative functions of the device using systems network management protocol SNMP requests. Description According to the researcher's report: "HP/H3C and Huawei networking equipmen...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Overview DomainKeys Identified Mail DKIM Verifiers may inappropriately convey message trust when messages are signed using keys that are too weak 1024 bits or that are marked as test keys. Description RFC 6376 states "DomainKeys Identified Mail DKIM permits a person, role, or organization to clai...
Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
Overview Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Description The CORE Security Technologies advisory states: "An out-of-bounds read error condition exists in...
Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
Overview Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
Mutiny Technology virtual appliance command injection vulnerability
Overview The Mutiny Technology virtual appliance contains a command injection vulnerability which could allow an attacker to inject commands into the appliance. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' The Mutiny Technology virtual...
OTRS contains a cross-site scripting vulnerability
Overview Open Technology Real Services OTRS contains a cross-site scripting XSS CWE-79 vulnerability in the body of HTML emails viewed within the OTRS application. Description OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform. OTRS Security Advisory 2012-03...
Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability
Overview The web console for Novell ZENworks Asset Management 7.5 contains an information disclosure vulnerability. This vulnerability allows a remote attacker to read any file with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management. Description The Novell...
Multi-vendor IP camera web interface authentication bypass
Overview The web interface firmware for Foscam and Wansview H.264 Hi3510/11/12 IP cameras contain an authentication bypass vulnerability. Other vendors that share the same base firmware image are also vulnerable. Description It has been reported that the web interface for IP cameras from several...
Cerberus FTP Server web interface cross-site request forgery vulnerability
Overview The Cerberus FTP Server web interface contains a cross-site request forgery vulnerability. Description CWE-352: Cross-Site Request Forgery CSRF: The Cerberus FTP Server web interface is vulnerable to CSRF using the HTTP POST method in the :10000/usermanager/users/modify. The application h...
Trend Micro Control Manager adhoc query vulnerability
Overview Trend Micro Control Manager fails to properly filter user-supplied input within the ad hoc query module which could allow an attacker to upload and execute arbitrary code against the system. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL...
JAMF Software Casper Suite contains a cross-site request forgery vulnerability
Overview JAMF Software's Casper Suite is susceptible to a cross-site request forgery CSRF CWE-352 vulnerability. Description JAMF Software's Casper Suite, a Mac OS X and iOS client management framework, contains a cross-site request forgery CSRF CWE-352 vulnerability. The reporter provided a...
osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability
Overview osCommerce 2.3.1 and possibly other versions with the PayPal website payments standard module is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that osCommerce 2.3.1 using the PayPal websit...
CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability
Overview CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. Description According to CoSoSys's website, the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing...
Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
Overview Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability CWE-416 that may result in remote code execution. Description Microsoft Internet Explorer 6/7/8/9 contains a use-after-free vulnerability in the CMshtmlEd::Exec function. An attacker may...
Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities
Overview Trend Micro InterScan Messaging Security Suite Version 7.1-BuildWin321394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities. Description Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting CWE-79 a...
F5 Networks ASM appliance contains a cross-site scripting vulnerability
Overview F5 Networks ASM appliance versions 10.0.0 through 11.2.0 HF2 are susceptible to a cross-site scripting vulnerability in the traffic overview page. Description A cross-site scripting XSS CWE-79 vulnerability exists in the traffic overview page. By sending several malicious requests, an...
Webmin contains input validation vulnerabilities
Overview Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities. Description The advisories from American Information Security Group report the following vulnerabilities. CWE-20: Improper Input Validation - CVE-2012-2981 "An input validation flaw...
Ipswitch WhatsUp Gold 15.02 contains SQL injection and XSS vulnerabilities
Overview Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities. Description Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities. CWE-79-CVE-2012-2601 - Blind SQL...
Open Technology Real Services nested tags cross-site scripting vulnerability
Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability when viewing HTML webpages with nested tags. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load...
Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code
Overview Oracle Java Runtime Environment JRE 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. Description The Oracle Java Runtime Environment JRE 1.7 allows users to run Java applications in a browser or as...
MarkAny ContentSAFER MASetupCaller ActiveX control arbitrary download and execution
Overview The MarkAny ContentSAFER MASetupCaller ActiveX control fails to restrict access to dangerous methods, which can allow a remote unauthenticated attacker to download and execute arbitrary code on a vulnerable system. Description MarkAny ContentSAFER is a DRM and watermarking product that i...
Websense Content Gateway XSS vulnerabilities
Overview Websense Content Gateway contains XSS vulnerabilities. Description Websense Content Gateway contains the following post-authentication reflective XSS vulnerabilities within the menu and item parameter values in the /monitor/moverview.ink webpage. The reflective XSS reported allows for...
Open Technology Real Services cross-site scripting vulnerability
Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load arbitrary script in the context of the user's...
HP Virtual SAN appliance root shell command injection
Overview The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection CWE-77 vulnerability. Description Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a...
Samsung and HTC Android phone information disclosure vulnerability
Overview Certain Samsung and HTC Android phones store user interactions to the dmesg buffer which could allow a malicious application to derive certain user-inputted information from the phone. Description The Android operating system on certain Samsung and HTC mobile phones stores certain user...
CuteSoft Cute Editor 6.4 reflected cross site scripting
Overview CuteSoft Cute Editor 6.4, and possibly other versions, contains a reflected cross-site scripting XSS CWE-79 vulnerability. Description CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting XSS CWE-79 vulnerability. The GET request parameter called UploadID...
HP Arcsight Logger and Connector appliances cross-site scripting vulnerability
Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting XSS. Description The supplied facility for importing host data from a file System Admin Tab |...
Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities
Overview Solarwinds Network Performance Monitor 10.2.2 and possibly earlier versions contain a cross-site scripting XSS, and cross-site request forgery CSRF vulnerability. Description Solarwinds Network Performance Monitor 10.2.2 can be attacked by modifying the snmpd.conf file with malicious...
BreakingPoint Systems Storm CTM information disclosure vulnerabilities
Overview BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information. Description According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide...
Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability
Overview Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page. Description It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so symlinked to /usrl/lib/browser/plugins/libkindleplugin.so tha...
IBM ISS Proventia Mail Security contains multiple vulnerabilities
Overview IBM ISS Proventia Mail Security contains cross-site scripting and arbitrary file read vulnerabilities. Description The IBM security advisories state: CVE-2012-2955 "The administrative user interface contains pages where it is possible to inject arbitrary JavaScript code contained in an HT...
Dell SonicWALL Scrutinizer SQL injection vulnerability
Overview Dell SonicWALL Scrutinizer 9.5.0 and older versions contain a SQL injection vulnerability. Description The Dell SonicWALL service bulletin states: "After the release of Dell SonicWALL Scrutinizer 9.5.0, we received a report of an issue whereby a Scrutinizer user who had already...
Symantec Web Gateway contains multiple vulnerabilities
Overview The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection. Description The Symantec SYM12-011 advisory states: "Symantec's Web Gateway management console is susceptible to multiple security...
Caucho's Quercus on Resin contains multiple vulnerabilities
Overview Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description It has been reported that Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to...
Oracle Outside In contains multiple exploitable vulnerabilities
Overview Oracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats...
Johnson Controls CK721-A and P2000 remote command execution vulnerability
Overview Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices. Description The "download" port tcp/41014 on the CK721-A device is vulnerable to remote command...
SMC SMC8024L2 switch web interface authentication bypass
Overview The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. Description The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An...