PT-2018-3024 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.59 and prior MySQL Server versions 5.6.39 and prior MySQL Server versions 5.7.21 and prior Description: The issue is related to inadequate access control in the MySQL Server component, specifically in the Server: DDL...
PT-2018-9372
Name of the Vulnerable Software and Affected Versions Linux Kernel versions 3.18 through 4.16 Description The Linux Kernel incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the...
PT-2018-3589 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.16.4 Description: A double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have...
PT-2018-1885 · Graphicsmagick +3 · Graphicsmagick +3
Name of the Vulnerable Software and Affected Versions: GraphicsMagick version 1.3.28 Description: The issue is related to a divide-by-zero error in the ReadMNGImage function of coders/png.c. This error can be triggered by remote attackers using a crafted mng file, potentially causing a crash and...
PT-2018-11: Buffer Overflow in PHOENIX CONTACT FL SWITCH
The specialists of the Positive Research center have detected a Buffer Overflow vulnerability in PHOENIX CONTACT FL SWITCH. Buffer overflows in Phoenix Contact managed FL SWITCH allow attackers to cause a denial of service, execute arbitrary code, or disable Web and Telnet services. How to fix...
PT-2017-3926 · Mariadb +2 · Mariadb +3
Name of the Vulnerable Software and Affected Versions: MariaDB versions prior to 10.1.30 MariaDB versions 10.2.x prior to 10.2.10 Percona XtraDB Cluster versions prior to 5.6.37-26.21-3 Percona XtraDB Cluster versions 5.7.x prior to 5.7.19-29.22-3 Description: The issue is related to incorrect...
PT-2020-6701 · Fasterxml +4 · Fasterxml Jackson Databind +4
Name of the Vulnerable Software and Affected Versions: FasterXML Jackson Databind affected versions not specified Description: A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS, due to insufficient input validation of user-supplied values and a la...
PT-2018-31: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
PT-2017-2221 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue exists due to insufficient input validation in the tcp_v6_syn_recv_sock function. This can be exploited by a local user to cause a denial of service or possibly have other unspecifi...
PT-2017-18265 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.7.5 Description: The issue allows remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request. This is related to problematic use of the SERVER_NAME variable in...
PT-2018-19: Authorization Bypass in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected an Authorization Bypass vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Vulnerability allows attackers to bypass authorization using requests to CGI functions. How to fix Use the...
PT-2018-08: SQL injection in Ipswitch WhatsUp Gold
The specialists of the Positive Research center have detected an SQL injection vulnerability in Ipswitch WhatsUp Gold. SQL injection vulnerability in Ipswitch WhatsUp Gold, due to insufficient validation of user input on some .ASP pages, allows attackers to execute arbitrary SQL commands and obta...
PT-2018-44: Directory Traversal in SAP Business Process Automation by Redwood
The specialists of the Positive Research center have detected a Directory Traversal vulnerability in SAP Business Process Automation by Redwood. A directory traversal vulnerability in SAP Business Process Automation BPA, due to insufficient validation of path information provided by users, allows...
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...
PT-2017-16400 · Php +3 · Phpmailer +3
Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 5.2.22 Description: An issue in PHPMailer's msgHTML method allows it to apply transformations to an HTML document, making it usable as an email message body. One transformation converts relative image URLs into...
PT-2016-3172
Name of the Vulnerable Software and Affected Versions Apache httpd versions 2.2.x through 2.2.32 Apache httpd versions 2.4.x through 2.4.25 Description The issue is related to the use of the ap_get_basic_auth_pw function by third-party modules outside of the authentication phase, which may lead t...
PT-2016-6144 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 7.4 through 7.4r13.3 Pulse Connect Secure PCS versions 8.0 through 8.0r8 Pulse Connect Secure PCS versions 8.1 through 8.1r1 Pulse Connect Secure PCS versions 8.2 through 8.2r0 Description: A cross-site...
PT-2016-3397 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 Description: The issue is related to a stack consumption problem in the Zend/zend_exceptions.c component of PHP, caused by insufficient input...
PT-2016-3888 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.34 Description: The issue is related to the ext4 implementation in the Linux kernel, where certain data structures are not properly tracked during initialization. This can be exploited by physically proximat...
PT-2016-3413 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.5.34 PHP versions 5.6.x prior to 5.6.20 PHP versions 7.x prior to 7.0.5 Description: The issue is related to an integer overflow in the php_raw_url_encode function, which can be exploited by remote attackers to cause a...
PT-2016-1803
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 6u113, 7u99, and 8u77 Java SE Embedded version 8u77 JRockit version R28.3.9 Description: The issue is related to errors in the code of Jrockit and Java Platform, allowing remote attackers to affect confidentiality,...
PT-2021-3057
Name of the Vulnerable Software and Affected Versions 802.11 standard affected versions not specified Check Point GAiA affected versions not specified Description The issue concerns a flaw in the authentication procedure of the 802.11 standard, which underlies Wi-Fi Protected Access WPA, WPA2, an...
PT-2021-3311
Name of the Vulnerable Software and Affected Versions 802.11 standard affected versions not specified Description The issue concerns the 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP. It does not require that all fragments of a frame ar...
PT-2021-3317 · Unknown +10 · Ieee 802.11 +10
Name of the Vulnerable Software and Affected Versions: IEEE 802.11 standard implementations affected versions not specified Description: The issue exists due to insufficient input validation in the implementation of WEP, WPA, WPA2, and WPA3 standards for IEEE 802.11 communication. This can allow ...
PT-2016-1518
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 7.2p2 Description The issue allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the do_authenticated1 and session_x11_req functions. This is due ...
PT-2016-2810
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 7.3 Description The issue is related to a password hashing error in the ssh network protocol. When SHA256 or SHA512 are used for user password hashing, a timing difference in responses can be leveraged by remote...
PT-2016-1792 · Mariadb Foundation +8 · Mariadb +7
Name of the Vulnerable Software and Affected Versions: MySQL versions 5.5.47 and earlier MySQL versions 5.6.28 and earlier MySQL versions 5.7.10 and earlier MariaDB versions prior to 5.5.48 MariaDB versions 10.0.x prior to 10.0.24 MariaDB versions 10.1.x prior to 10.1.12 Description: The issue is...
PT-2016-1784 · Mariadb +7 · Mariadb +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.47 and earlier Oracle MySQL versions 5.6.28 and earlier Oracle MySQL versions 5.7.10 and earlier MariaDB versions prior to 5.5.48 MariaDB versions 10.0.x prior to 10.0.24 MariaDB versions 10.1.x prior to 10.1.12...
PT-2015-5804 · Oracle +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.43 and earlier Oracle MySQL Server versions 5.6.24 and earlier Description: The issue affects the availability of the system, related to the Optimizer component in the Server. The estimated number of potential...
PT-2016-01: Arbitrary File Upload in Advantech WebAccess
The specialists of the Positive Research center have detected an Arbitrary File Upload vulnerability in Advantech WebAccess. It was discovered that Advantech WebAccess before 8.1 allows remote unauthenticated users to create or write to arbitrary files on the server. How to fix Update your softwa...
PT-2014-1421 · Php +5 · Php +5
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14 Description: The issue arises from incorrect anticipation of data structure types after unserialization in the SPL component, leading to potential remote code execution through...
PT-2013-80: Improper input validation in SIMATIC WinCC Open Architecture
The specialists of the Positive Research center have detected an Improper input validation vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA integrated Web server at Port 4999/TCP might allow attackers to perform a denial of service attack on the SIMATIC WinCC OA monitoring...
PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC
The specialists of the Positive Research center have detected an Arbitrary HTML Injection vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The integrated web server port 80/tcp and port 443/tcp of the affected device might allow attackers to inject HTML headers. How to fix Update your firmware u...
PT-2013-3438 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.4 Description: The issue is related to a heap-based buffer overflow in the wdm_in_callback function. This can be exploited by physically proximate attackers using a crafted cdc-wdm USB device, potentially...
PT-2013-12: open_basedir bypass in PHP
The specialists of Positive Technologies have detected a bypass of the configuration directive "open_basedir" in PHP. The vulnerability was detected in PHP's built-in SoapClient class. PHP does not validate the configuration directive "soap.wsdl_cache_dir" before writing SOAP wsdl cache files to th...
PT-2013-44: Forced browsing in Siemens WinCC and SIMATIC PCS 7
The specialists of the Positive Research center have detected a vulnerability, which can be used to gain access to usernames in Siemens WinCC and SIMATIC PCS 7. The WinCC Web Navigator 7.2 allows a user with authenticated access to probe for valid NetBIOS user names by manipulating URL parameters...
PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server
Positive Research Center experts have discovered multiple "SQL Injection" vulnerabilities in Wonderware Information Server. This vulnerability can be used by an attacker to perform database operations that were unintended by the Web application designer and, in some instances, can lead to total...
PT-2013-37: Multiple Cross Site Scripting (XSS) in Wonderware Information Server
Positive Research Center experts have discovered multiple "Cross Site Scripting" vulnerabilities in Wonderware Information Server. This vulnerability enables an attacker to inject client-side script into Web pages viewed by other users or bypass client-side security mechanisms imposed by modern W...
PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC WinCC TIA Portal. Vulnerability exists due to a hard coded encryption key in WinCC RT Professional, which allows remote attackers to obtain sensitive information and escalate their...
PT-2013-32: Directory Traversal in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected "Directory Traversal" vulnerability in Siemens Simatic WinCC TIA Portal. By manipulating the URL an authenticated attacker may have access to source code of the panel’s server-side web application files, which may include user defined...
PT-2012-1212
Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.12 PHP versions 5.4.x prior to 5.4.2 Description The issue arises from insufficient input validation in the sapi/cgi/cgi_main.c component of the PHP interpreter. This allows remote attackers to execute arbitrary code ...
PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS
Positive Research Center has discovered multiple Cross-Site Request Forgery and "stored XSS" Vulnerabilities in Cisco ACS. Forms do not provide protection against CSRF attacks. One can create a spoofing web form and trick the Cisco ACS administrator into submitting it. If the administrator alread...
PT-2009-2745 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.39 Apache Tomcat versions 5.5.0 through 5.5.27 Apache Tomcat versions 6.0.0 through 6.0.18 Description: The issue allows remote attackers to cause a denial of service, resulting in an application outag...
PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability
Positive Technologies Research Team has discovered a privilege escalation vulnerability in Windows Message Queuing service MSMQ. The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary...
PT-2007-6354 · Oracle +1 · Jdk +3
Name of the Vulnerable Software and Affected Versions: sun jdk affected versions not specified sun jre affected versions not specified sun sdk affected versions not specified Description: Potential security vulnerabilities have been identified in Java Runtime Environment JRE and Java Developer Ki...
PT-2006-5043 · Oracle +1 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL versions prior to 5.0.25 MySQL versions prior to 5.1.12 Description: The issue allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE, due to the evaluation of arguments o...
PT-2005-3554 · Openssh +2 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 4.0 Description: The issue allows an attacker that has compromised an SSH user's account to more easily generate a list of additional targets that are more likely to have the same password or key. This is because...
PT-2003-2507 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1p2 and earlier Description: The issue allows remote attackers to potentially determine if the password step of a multi-step authentication is successful by using timing differences. This occurs when PermitRootLogin is...
PT-2001-2176 · Freebsd +1 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH on FreeBSD versions 4.4 and earlier Description: The issue allows local users to bypass capabilities checks and read arbitrary files by specifying alternate copyright or welcome files, due to libutil in OpenSSH not dropping privileges...