3702 matches found
Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates
Overview Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...
Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates
Overview Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295:...
Intel Active Management Technology (AMT) does not properly enforce access control
Overview Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system. Description CWE-284: Improper Access Control - CVE-2017-5689Intel offers a number of...
Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation
Overview Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. Description CWE-276: Incorrect Default Permissions - CVE-2017-3210A number of applications developed using the Portrait Displays SDK...
IBM Lotus Domino server mailbox name stack buffer overflow
Overview The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino...
DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP
Overview The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. Description The DBPOWER U8181A WIFI quadcopter drone is designed to record images and video from the air. The drone provides an undocumente...
Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Overview Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE uses the URL Moniker to processes remotely-linked content in ...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of...
GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed
Overview GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMMBWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write...
Pandora iOS app does not properly validate SSL certificates
Overview The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation - CVE-2017-3194 Pandora is a streaming music service. On iOS devices...
PCAUSA Rawether for Windows local privilege escalation
Overview PCAUSA's Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. This vulnerability may be exploited to perform local privilege escalation on...
Commvault Edge contains a buffer overflow vulnerability
Overview Commvault Edge, version 11 SP6 11.80.50.0, is vulnerable to a stack-based buffer overflow vulnerability. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3195A stack based buffer overflow in the Commvault Edge Communication Service cvd allows remote attackers to execute...
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Overview The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:CWE-294:...
Apache Struts 2 is vulnerable to remote code execution
Overview Apache Struts, versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10, is vulnerable to code injection leading to remote code execution RCE. Description CWE-94: Improper Control of Generation of Code - CVE-2017-5638An attacker can execute arbitrary OGNL code included in the "Content-Type" header of a...
D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability
Overview D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3193D-Link...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper...
ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...
PHP FormMail Generator generates code vulnerable to multiple issues
Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...
Sage XRT Treasury database fails to properly restrict access to authorized users
Overview Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183Sage XRT...
Hughes satellite modems contain multiple vulnerabilities
Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...
Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Overview The Accellion FTP server prior to version FTA912220 is vulnerable to cross-site scripting and information exposure. Description CWE-204: Response Discrepancy Information Exposure- CVE-2016-9499Accellion FTP server only returns the username in the server response if the a username is...
Microsoft Windows SMB Tree Connect Response denial of service vulnerability
Overview Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system. Description Microsoft Windows fails to properly handle traffic from a malicious server. In particular...
SHDesigns Resident Download Manager does not authenticate firmware downloads
Overview SHDesigns' Resident Download Manager as well as the Ethernet Download Manager does not authenticate firmware downloads before executing code and deploying them to devices. Description CWE-494: Download of Code Without Integrity Check- CVE-2016-6567SHDesigns' Resident Download Manager...
Cisco WebEx web browser extension allows arbitrary code execution
Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...
CodeLathe FileCloud is vulnerable to cross-site request forgery
Overview CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery CSRF. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2016-6578CodeLathe FileCloud is an "is an Enterprise File Access, Sync and Share solution that runs on-premise." FileCloud,...
ThreatMetrix SDK for iOS fails to validate SSL certificates
Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. Description ThreatMetrix is a security library for mobile applications, which aims to...
ShoreTel Mobility Client mobile application does not verify SSL certificates
Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...
McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability
Overview McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability. Description According to the reporter, McAfee VirusScan Enterprise for Windows version 8.7i through at least 8.8 patch 7 contains a scriptproxy COM object that is vulnerable to the...
EpubCheck 4.0.1 contains a XML external entity processing vulnerability
Overview EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks. Description EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a stand alone command line utility, or included in a project most commonly being epub readers as a...
McAfee VirusScan for Linux contains multiple vulnerabilities
Overview McAfee VirusScan for Linux contains multiple vulnerabilities. Description McAfee VirusScan for Linux version 2.0.3 and prior is vulnerable to the following:CWE-200: Information Exposure - CVE-2016-8016 Multiple pages within the web interface utilize a tplt parameter. An authenticated...
Multiple Netgear routers are vulnerable to arbitrary command injection
Overview Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' , CWE-306:...
PHP FormMail Generator generates code with multiple vulnerabilities
Overview PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data. Description CWE-302: Authentication...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
BSD libc contains a buffer overflow vulnerability in link_ntoa()
Overview The BSD libc library's linkntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Description CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' - CVE-2016-6559Improper bounds checking of the obuf...
Sungard eTRAKiT3 may be vulnerable to SQL injection
Overview According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database. Description CWE-89: Improper Neutralization of Special Elements us...
Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability
Overview Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Firefox supports SVG animation through the use of SMIL. The...
NTP.org ntpd contains multiple denial of service vulnerabilities
Overview NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...
Ragentek Android OTA update mechanism vulnerable to MITM attack
Overview Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6564 Android...
Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
Overview The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file. Description CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' - CVE-2016-6565The Imagely NextGen Gallery...
D-Link routers HNAP service contains stack-based buffer overflow
Overview D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action. Description CWE-121:Stack-based Buffer Overflow - CVE-2016-6563 Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields...
TrackR Bravo contains multiple vulnerabilities
Overview TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313:Cleartext Storage in a File or on Disk - CVE-2016-6538The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in...
iTrack Easy contains multiple vulnerabilities
Overview iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-200: Information Exposure - CVE-2016-6542The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
Overview The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchonization...
Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
Overview Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials. Description CWE-255: Credentials Management- CVE-2016-6551Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp ...
Green Packet DX-350 contains insecure default credentials
Overview Green Packet DX-350 uses default credentials Description CWE-255: Credentials Management - CVE-2016-6552Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. --- Impact A remote attacker can ta...
Nuuo NT-4040 firmware contains insecure default credentials
Overview Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses default credentials Description CWE-255: Credentials Management - CVE-2016-6553Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses non-random default credentials of: admin:admin and localdisplay:111111 . A remote...
Synology NAS servers contain insecure default credentials
Overview Synology NAS servers DS107, DS116, and DS213, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
ASUS RP-AC52 contains multiple vulnerabilities
Overview The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery and command injection. Description CWE-352:Cross-Site Request ForgeryCSRF- CVE-2016-6557 The RP-AC52 web interface does not sufficiently verify whether a valid reque...