Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format (AMF3) are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...
GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed
Overview GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMMBWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write...
Pandora iOS app does not properly validate SSL certificates
Overview The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2017-3194 Pandora is a streaming music service. On iOS devices...
PCAUSA Rawether for Windows local privilege escalation
Overview PCAUSA's Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. This vulnerability may be exploited to perform local privilege escalation on...
Commvault Edge contains a buffer overflow vulnerability
Overview Commvault Edge, version 11 SP6 11.80.50.0, is vulnerable to a stack-based buffer overflow vulnerability. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3195 A stack-based buffer overflow in the Commvault Edge Communication Service (cvd) allows remote attackers to execute...
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Overview The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following: CWE-294:...
Apache Struts 2 is vulnerable to remote code execution
Overview Apache Struts, versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10, is vulnerable to code injection leading to remote code execution (RCE). Description CWE-94: Improper Control of Generation of Code - CVE-2017-5638 An attacker can execute arbitrary OGNL code included in the "Content-Type" header of a...
D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability
Overview D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3193 D-Link...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper...
PHP FormMail Generator generates code vulnerable to multiple issues
Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or WordPress-based website. The co...
ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery (CSRF)...
Sage XRT Treasury database fails to properly restrict access to authorized users
Overview Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183 Sage XRT...
Hughes satellite modems contain multiple vulnerabilities
Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...
Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Overview The Accellion FTP server prior to version FTA912220 is vulnerable to cross-site scripting and information exposure. Description CWE-204: Response Discrepancy Information Exposure - CVE-2016-9499 Accellion FTP server only returns the username in the server response if the username is...
Microsoft Windows SMB Tree Connect Response denial of service vulnerability
Overview Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system. Description Microsoft Windows fails to properly handle traffic from a malicious server. In particular...
SHDesigns Resident Download Manager does not authenticate firmware downloads
Overview SHDesigns' Resident Download Manager as well as the Ethernet Download Manager does not authenticate firmware downloads before executing code and deploying them to devices. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6567 SHDesigns' Resident Download Manager...
Cisco WebEx web browser extension allows arbitrary code execution
Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...
CodeLathe FileCloud is vulnerable to cross-site request forgery
Overview CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF). Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2016-6578 CodeLathe FileCloud "is an Enterprise File Access, Sync and Share solution that runs on-premise." FileCloud,...
ThreatMetrix SDK for iOS fails to validate SSL certificates
Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description ThreatMetrix is a security library for mobile applications, which aims to...
ShoreTel Mobility Client mobile application does not verify SSL certificates
Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation -...
McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability
Overview McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability. Description According to the reporter, McAfee VirusScan Enterprise for Windows version 8.7i through at least 8.8 patch 7 contains a scriptproxy COM object that is vulnerable to the...
EpubCheck 4.0.1 contains an XML external entity processing vulnerability
Overview EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks. Description EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a standalone command line utility, or included in a project most commonly being epub readers as a...
McAfee VirusScan for Linux contains multiple vulnerabilities
Overview McAfee VirusScan for Linux contains multiple vulnerabilities. Description McAfee VirusScan for Linux version 2.0.3 and prior is vulnerable to the following: CWE-200: Information Exposure - CVE-2016-8016 Multiple pages within the web interface utilize a tplt parameter. An authenticated...
Multiple Netgear routers are vulnerable to arbitrary command injection
Overview Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Description CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-306:...
PHP FormMail Generator generates code with multiple vulnerabilities
Overview PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data. Description CWE-302: Authentication...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
Sungard eTRAKiT3 may be vulnerable to SQL injection
Overview According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database. Description CWE-89: Improper Neutralization of Special Elements us...
BSD libc contains a buffer overflow vulnerability in link_ntoa()
Overview The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Description CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2016-6559 Improper bounds checking of the obuf...
Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability
Overview Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Firefox supports SVG animation through the use of SMIL. The...
NTP.org ntpd contains multiple denial of service vulnerabilities
Overview NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...
Ragentek Android OTA update mechanism vulnerable to MITM attack
Overview Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges. Description CWE-494: Download of Code Without Integrity Check - CVE-2016-6564 Android...
Imagely NextGen Gallery plugin for WordPress contains a local file inclusion vulnerability
Overview The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 may execute code from an uploaded malicious file. Description CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - CVE-2016-6565 The Imagely NextGen Gallery...
D-Link routers HNAP service contains stack-based buffer overflow
Overview D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-6563 Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields...
iTrack Easy contains multiple vulnerabilities
Overview iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-200: Information Exposure - CVE-2016-6542 The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547 The Nut mobile app stores the account password used to authenticate to the cloud API in...
TrackR Bravo contains multiple vulnerabilities
Overview TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6538 The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in...
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
Overview The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization...
Green Packet DX-350 contains insecure default credentials
Overview Green Packet DX-350 uses default credentials. Description CWE-255: Credentials Management - CVE-2016-6552 Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. --- Impact A remote attacker can ta...
Synology NAS servers contain insecure default credentials
Overview Synology NAS servers DS107, DS116, and DS213 use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554 Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
Nuuo NT-4040 firmware contains insecure default credentials
Overview Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses default credentials. Description CWE-255: Credentials Management - CVE-2016-6553 Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote...
Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
Overview Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6551 Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use non-random default credentials of: ftp/ftp ...
ASUS RP-AC52 contains multiple vulnerabilities
Overview The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery and command injection. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2016-6557 The RP-AC52 web interface does not sufficiently verify whether a valid reque...
MatrixSSL contains multiple vulnerabilities
Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890 The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...
U by BB&T iOS banking application fails to properly validate SSL certificates
Overview U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2016-6550 U by BB&T is a banking...
Aternity version 9 vulnerable to cross-site scripting and remote code execution
Overview The Aternity webserver, version 9 and prior, is reportedly vulnerable to cross-site scripting (XSS) on several web pages, and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution. Description CWE-80: Improper Neutralizati...
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
Overview AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Description AVer Information EH6108H+ hybrid DVR is an IP securit...
DEXIS Imaging Suite 10 contains hard-coded credentials
Overview DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10...
Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
Overview The Dentsply Sirona (previously known as Shick Technologies) CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 Dentsply...