3695 matches found
Open Dental uses blank database password by default
Overview Open Dental is medical dental records management software. Open Dental version 16.1, and previous versions, installs with a blank root database MySQL password by default. An attacker with network access to an Open Dental MySQL database could read, modify, or delete data. This...
Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities
Overview The Fortinet FortiWAN Ascernlink network load balancer appliance contains multiple vulnerabilities. Description According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities. CWE-78: Improper Neutralization of Special Elements used...
Accellion Kiteworks contains multiple vulnerabilities
Overview The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Description CWE-276: Incorrect Default Permissions - CVE-2016-5662 The /opt/bin/cli script has setuid permissions by default, allowing an authenticated KiteWorks user to escalate privilege...
ReadyDesk contains multiple vulnerabilities
Overview ReadyDesk, version 9.1 and possibly others, contains SQL injection, path traversal, hard-coded cryptographic key, and arbitrary file upload vulnerabilities that may be leveraged to expose sensitive data and execute arbitrary code in the context of the vulnerable software. Description...
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
Overview HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally...
Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
Overview The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081 According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for...
D-Link routers contain buffer overflow vulnerability
Overview D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-5681 A stack-based buffer overflow occurs in the function within the cgibin binary which validates...
UltraVNC repeater does not restrict IP addresses or ports by default
Overview UltraVNC repeater versions prior to ultravncrepeater1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port. Description CWE-16: Configuration - CVE-2016-5673 UltraVNC repeater acts as...
NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities
Overview NUUO NVRmini 2, NVRsolo, Crystal, and Netgear ReadyNAS Surveillance products have web management interfaces containing multiple vulnerabilities that can be leveraged to gain complete control of affected devices. Description NUUO NVRmini 2, NVRsolo, and Crystal, and Netgear ReadyNAS...
Proxy auto-config (PAC) files have access to full HTTPS URLs
Overview Web proxy auto-config (PAC) files are passed the full HTTPS URL in GET requests which may expose sensitive data. Description CWE-212: Improper Cross-boundary Removal of Sensitive Data - CVE-2016-5134 (Google), CVE-2016-1801 (Apple) Web proxy auto-configuration files (proxy.pac) have access to the...
Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
Overview Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...
Crestron AirMedia AM-100 contains multiple vulnerabilities
Overview The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2016-5639 A path traversal vulnerability exists in login.cgi...
Intel CrossWalk project does not validate SSL certificates after first acceptance
Overview The Intel Crosswalk project is a framework for developing hybrid apps for Android and iOS. The Crosswalk project does not properly handle SSL certificate validation when a user accepts an invalid certificate, preventing the app from validating any future SSL certificates. Description...
Objective Systems ASN1C generates code that contains a heap overflow vulnerability
Overview ASN.1 is a standard representation of data for networking and telecommunications applications. Objective Systems' ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-5080 ASN1C is used to generate...
Misys FusionCapital Opics Plus contains multiple vulnerabilities
Overview Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' -...
CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables
Overview Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connection...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2016-5660 Accela Civic Platform Citizen Access portal contains ...
libbpg contains a type confusion vulnerability that leads to out of bounds write
Overview libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution. Description CWE-787: Out-of-bounds Write - CVE-2016-5637 According to the reporter, improper checki...
Acer Portal app for Android does not properly validate SSL certificates
Overview The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud. Description CVE-2016-5648 - CWE-295: Improper Certificate Validation T...
Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files
Overview Alertus Desktop Notification for OS X, version 2.9.30.1700 and earlier, sets insecure permissions for configuration and other files, which may enable an unprivileged attacker to disable notifications and modify content locally. Description CWE-276: Incorrect Default Permissions -...
mDNSResponder contains multiple memory-based vulnerabilities
Overview mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference. Description CWE-120:...
Adobe Flash memory corruption vulnerability
Overview Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild. Description Adobe Flash Player 21.0.0.242 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is...
Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2015-8288 The firmware for these devices contains a hard-coded RSA private key,...
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Overview NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in t...
Fonality contains a hard-coded password and embedded SSL private key
Overview Fonality (previously trixbox Pro) version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362 According to the reporter, FTP is used to sync phone configurations for users, by...
MEDHOST Perioperative Information Management System contains hard-coded database credentials
Overview MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-4328 MEDHOST PIMS, previously branded as VPIMS, contains hard-coded...
Up.time agent for Linux does not authenticate a user before allowing read access to the file system
Overview The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-8268 According to the researcher, "The linux based uptime.agent version 7.5...
Chef Manage deserializes cookie data insecurely
Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326 Chef with the Chef Manage previously known as 'opscode-manage'...
Lantronix xPrintServer contains multiple vulnerabilities
Overview The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-9002 An unauthenticated attacker can include a shell command inside the 'c'...
ImageMagick does not properly validate input before processing images using a delegate
Overview ImageMagick does not properly validate user input before processing it using a delegate, which may lead to arbitrary code execution. This issue is also known as "ImageTragick". Description CWE-20: Improper Input Validation - CVE-2016-3714 According to the researchers in a mailing list pos...
Little CMS 2 DefaultICCintents double-free vulnerability
Overview Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Little CMS is an open-source color management engine that supports the International Color...
libarchive contains a heap-based buffer overflow due to improper input validation
Overview An attacker may be able to coerce a user into executing arbitrary code in the context of the current user by attempting to unzip a crafted zip file provided by the attacker. Description CWE-20: Improper Input Validation - CVE-2016-1541 A crafted zip file can provide an incorrect compresse...
Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
Overview The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Accellion File Transfer appliance contains multiple vulnerabilities in versions below...
NTP.org ntpd contains multiple vulnerabilities
Overview The NTP.org reference implementation of ntpd contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. CWE-294: Authentication Bypass by Capture-replay - CVE-2015-7973 An attacker on the network can record and...
Allround Automations PL/SQL Developer v11 performs updates over HTTP
Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...
SysLINK M2M Modular Gateway contains multiple vulnerabilities
Overview The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities: CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...
HP Data Protector does not perform authentication and contains an embedded SSL private key
Overview The HP Data Protector does not perform user authentication, even when Encrypted Control Communications is enabled, and contains an embedded SSL private key that is shared among all installations. Description CWE-306: Missing Authentication for Critical Function - CVE-2016-2004 Data...
Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")
Overview The Security Account Manager Remote (SAMR) and Local Security Authority Domain Policy (LSAD) protocols do not properly establish Remote Procedure Call (RPC) channels, which may allow any attacker to impersonate an authenticated user or gain access to the SAM database, or launch denial of servi...
Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
Overview The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands...
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Overview Patterson Dental Eaglesoft is dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...
Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Overview Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2344 The Autodesk...
npm fails to restrict the actions of malicious npm packages
Overview npm allows packages to take actions that could allow a malicious npm package author to create a worm that spreads across the majority of the npm ecosystem. Description npm is the default package manager for Node.js, which is a runtime environment for developing server-side web...
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Overview Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to an XML external entity (XXE) attack that may be leveraged to expose sensitive data on the host. Description CWE-611: Improper Restriction of XML External Entity Reference 'XXE' - CVE-2016-2340 Granite Data Services...
Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow
Overview The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2345 Solarwinds Dameware Remote Mini Controller is software for assisting in remote desktop connections for helpdesk support...
DTE Energy Insight app vulnerable to information exposure
Overview The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Description CWE-200: Information Exposure - CVE-2016-1562 The DTE Energy Insight app lets DTE Energy customers track their energy usage. This informati...
Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
Overview Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2342 Quagga is a software routing suite that implements numerous...
Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack
Overview Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the "DROWN" attack in the media. Description According to the researcher, "DROWN" is a new form of cross-protocol Bleichenbacher padding oracle...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume (Network Amplification) IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Overview Content Delivery Networks (CDNs) may in some scenarios be manipulated into a forwarding loop, which consumes server resources and causes a denial of service (DoS) on the network. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' Content Delivery Networks (CDNs) are...
QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022 An authenticated attacker without administrative permissions may upload a...