Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities
Overview Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities. Description Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities. CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
Synel SY-780/A terminal denial-of-service vulnerability
Overview Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned. Description According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and acces...
Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
Overview Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests made by users or devices. Update March 19, 2025: Solution section has been updated. Description IETF Internet-Draft draft-nourse-scep-23 "...defines a protocol, Simple Certificate Enrollment...
ATA interface software may not properly handle ATA security features
Overview ATA interface software, including multiple system board BIOS implementations, does not adequately manage the ATA hard drive security mode. An attacker may be able to manipulate this situation to completely lock a hard drive resulting in an almost unrecoverable denial-of-service condition...
Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities
Overview Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities: CWE-79: Improper...
SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware
Overview Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. Intel claims that this vulnerability...
BMC Identity Management Suite cross-site request forgery vulnerability
Overview BMC Identity Management Suite v7.5.00.103 and possibly other versions are vulnerable to cross-site request forgery vulnerabilities. Description CWE-352: Cross-Site Request Forgery (CSRF): It has been reported that BMC Identity Management Suite v7.5.00.103 and possibly other versions a...
ForeScout CounterACT reflected XSS vulnerability
Overview The ForeScout CounterACT appliance contains reflected cross-site scripting (XSS) vulnerabilities. Description The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities (CWE-79). The following are a couple...
ScrumWorks Pro privilege escalation vulnerability
Overview ScrumWorks Pro versions prior to ScrumWorks Pro 6.0 contain a privilege escalation vulnerability. Description ScrumWorks Pro versions prior to ScrumWorks Pro 6.0 contain a privilege escalation vulnerability where a malicious user can escalate the privileges of their ScrumWorks Pro accoun...
Video drivers may fail to support Address Space Layout Randomization (ASLR)
Overview Some video drivers fail to support ASLR in Microsoft EMET "Always on" mode, which can limit the amount that such a system can be secured. Description ASLR, when combined with DEP (Data Execution Prevention), can be an effective mitigation against exploitation of vulnerabilities. For more...
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
Overview Symantec Endpoint Protection (SEP) Network Threat Protection module running on a Microsoft Internet Information Services (IIS) webserver contains a denial of service vulnerability when probed by an audit tool. Description Symantec Security Advisory SYM12-007 states: Overview Versions of...
ISC BIND 9 zero length rdata named vulnerability
Overview ISC BIND 9 named contains a vulnerability that could allow an attacker to cause named to terminate unexpectedly. Description According to ISC's security advisory: This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null ze...
Quagga BGP OPEN denial of service vulnerability
Overview Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition. Description CVE-2012-1820: Quagga version 0.99.20.1 and before contains a bug in BGP OPEN message handling. Program Impacted: bgpd: fix DoS in bgp_capability_orf Description: I...
AutoFORM PDM Archive contains multiple vulnerabilities
Overview AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document...
Bloxx Web Filtering multiple vulnerabilities
Overview Bloxx Web Filtering contains multiple XSS, CSRF, and authentication bypass vulnerabilities. Description According to Bloxx's website, Bloxx Web Filtering is a real-time Web content filter which performs live analysis and real-time categorization of Web pages to dramatically improve...
dotCMS template permissions allow arbitrary code execution
Overview The dotCMS content management system version 1.9, and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious template with arbitrary code. Description An authenticated dotCMS user with the permissions required to author...
Seagate BlackArmor device static administrator password reset vulnerability
Overview The Seagate BlackArmor network attached storage device contains a static administrator password reset vulnerability. Description The Seagate BlackArmor network attached storage device contains a static PHP file used to reset the administrator password. A remote unauthenticated attacker wi...
Xelex Technologies MobileTrack contains multiple vulnerabilities
Overview Xelex Technologies' MobileTrack application has been reported to not verify the source of administrative SMS commands. An unauthenticated remote attacker can send commands over SMS to MobileTrack. User data is also exposed on an insecure FTP server account. Description The website for...
HP Business Service Management 9.12 remote code execution vulnerability
Overview The HP Business Service Management (HPBSM) application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected. Description HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains op...
PHP-CGI query string parameter vulnerability
Overview PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. Description According to PHP's website, "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." When PHP is use...
Oracle database TNS listener vulnerability
Overview The Oracle database component contains a vulnerability in the TNS listener service that may be exploited to sniff database traffic and run arbitrary database commands. Description The Oracle database component contains a vulnerability in the TNS listener service that has been referred to...
RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password
Overview RuggedCom Rugged Operating System (ROS) contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...
Pluck SiteLife software multiple XSS vulnerabilities
Overview Pluck SiteLife software contains multiple XSS vulnerabilities. Description According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross-site scripting (XSS) vulnerabilities. CWE-79:...
Netgear FVS318N router default remote management vulnerability
Overview Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default. Description Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote WAN internet users access to the administrator web interface of the...
TP-Link 8840T DSL router default remote management vulnerability
Overview The TP-Link 8840T DSL router's remote management feature is enabled by default. Description The TP-Link 8840T DSL router allows remote WAN internet users access to the administrator web interface of the device by default. Impact A remote unauthenticated attacker may be able to access...
Multiple vulnerabilities in Intuit QuickBooks
Overview Intuit QuickBooks 2009 through 2012 have been reported to contain a file disclosure and heap corruption vulnerability. Description Derek Soeder's vulnerability report states the following: Intuit Help System Protocol File Retrieval The vulnerability described in this document can be...
Quagga contains multiple vulnerabilities
Overview Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Description Quagga 0.99.20 and previous versions are susceptible to various denial-of-service conditions. The Quagga advisories state the following: CVE-2012-0249: Error in...
@Mail Open webmail client contains multiple vulnerabilities
Overview The @Mail Open 1.04 webmail client contains multiple vulnerabilities including: unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200). Description The @Mail Open 1.04 webmail...
LG-Nortel ELO GS24M Switch contains multiple vulnerabilities
Overview The LG-Nortel ELO GS24M switch web management interface contains multiple vulnerabilities including: authentication bypass (CWE-592) and information exposure (CWE-200). Description The LG-Nortel ELO GS24M switch web management interface authentication can be bypassed by accessing URLs for...
WebGlimpse command injection vulnerability
Overview Webglimpse, a web site search application, contains a command injection vulnerability. Description The webglimpse.cgi script contains a command injection vulnerability. An attacker can use a specifically crafted query URL parameter to run system commands. The results of the command will ...
Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries web interface and preconfigured password vulnerabilities
Overview Cross scripting and preconfigured password vulnerabilities have been reported to exist in the Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries. Description Quantum Scalar i500, Dell ML6000 and IBM TS3310 enterprise tape libraries contain multiple web interface and...
InspIRCd heap corruption vulnerability
Overview InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query. Description InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can b...
Microsoft Remote Desktop Protocol (RDP) insecurely deallocates memory
Overview The Microsoft Remote Desktop Protocol (RDP) service contains a double-free vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Remote Desktop Protocol (RDP) provides a remote graphical interface to...
Cisco AnyConnect Clientless SSL VPN Portforwarder ActiveX control buffer overflow
Overview The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco AnyConnect is an SSL VPN solution that is commonly initiated through use of a web browser...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
libpng chunk decompression integer overflow vulnerability
Overview The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphi...
EasyVista single sign-on authentication bypass vulnerability
Overview EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature. Description EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature that does not use encoded values. If an attacker can obtain the login names for...
UTC Fire & Security Master Clock contains hardcoded default administrator login credentials
Overview UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock has default administrator login credentials that cannot be modified by an administrator. Description UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock via Zigbee can sync up to 60,000 slave clocks located throughout a campus-area...
HP StorageWorks P2000 G3 directory traversal vulnerability
Overview HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which m...
ISC BIND 9 resolver cache vulnerability
Overview ISC BIND 9 resolver contains a vulnerability that could allow an attacker to keep a domain name in the cache even after it has been deleted from registration. Description According to ISC: ISC has been notified by Haixin Duan, a professor at Tsinghua University in Beijing, China, who is...
Project Open cross-site scripting vulnerability
Overview Project Open po version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting (XSS) vulnerability in the account-closed.tcl script. Description The XSS vulnerability (CWE-79) is contained within the message parameter in the account-closed.tcl script...
Apple Mac OS X ATS data-font memory corruption vulnerability
Overview Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X ATS (Apple Type Services) fails to properly handle malformed data-font (.dfont) files, resulting in...
Apple Mac OS X CoreText embedded font vulnerability
Overview Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a text layout and font processing engine that is used to handle embedded fonts. CoreTe...
802.1X password exploit on many HTC Android devices
Overview A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. Description Any Android application on an affected HTC build with the android.permission.ACCESS_WIFI_STATE permission can use the .toString...
Linux Kernel local privilege escalation via SUID /proc/pid/mem write
Overview Linux kernel >= 2.6.39 incorrectly handles the permissions for /proc/<pid>/mem. A local, authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation. Description /proc/<pid>/mem is a...
Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
Overview Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...
Wibu-Systems CodeMeter remote denial of service vulnerability
Overview Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets. Description Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listen...
Hash table implementations vulnerable to algorithmic complexity attacks
Overview Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Description Many applications, including common...
WiFi Protected Setup (WPS) PIN brute force vulnerability
Overview The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8...
Unbound multiple denial-of-service vulnerabilities
Overview A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash. Description NLnetLabs advisory states: Description 1: crash on signed duplicate Resource Records There are authoritative servers that...