VARIoT IoT vulnerabilities database

VAR-200610-0162 | CVE-2006-5382 | 3Com Switch SS3 4400 Vulnerable to taking unauthorized actions |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. 3Com SS3 4400 Switch products are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to retrieve potentially sensitive information. The impact of successful exploits may allow various operations on the device, including disabling ports and reconfiguring a VLAN.
Note that this issue may be exploited only through the management VLAN that the affected device is connected to.
Firmware versions 5.11, 6.00, and 6.10 or earlier are vulnerable.
----------------------------------------------------------------------
To improve our services to our customers, we have made a number of
additions to the Secunia Advisories and have started translating the
advisories to German.
The improvements will help our customers to get a better
understanding of how we reached our conclusions, how it was rated,
our thoughts on exploitation, attack vectors, and scenarios.
This includes:
* Reason for rating
* Extended description
* Extended solution
* Exploit code or links to exploit code
* Deep links
Read the full description:
http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information:
http://corporate.secunia.com/how_to_buy/15/?r=l
----------------------------------------------------------------------
TITLE:
3Com SuperStack 3 Switch 4400 Information Disclosure
SECUNIA ADVISORY ID:
SA22818
VERIFY ADVISORY:
http://secunia.com/advisories/22818/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM:
3Com SuperStack 3 Switch 4400 Family
http://secunia.com/product/450/
DESCRIPTION:
A security issue has been reported in the 3Com SuperStack 3 Switch
4400 family, which can be exploited by malicious people to gain
knowledge of sensitive information.
Successful exploitation requires access to the management VLAN.
SOLUTION:
An update is reportedly available for customers with a software
maintenance agreement or via the 3Com Partner Access site.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Andrew Brennan.
ORIGINAL ADVISORY:
http://www.3com.com/securityalert/alerts/3COM-06-004.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200610-0090 | CVE-2006-5607 | INCA IM-204 of /cgi-bin/webcm Vulnerable to directory traversal |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via "/./." (modified dot dot) sequences in the getpage parameter. INCA IM-204 devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input.
Exploiting this issue allows remote, unauthenticated attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks.
This BID may be related to BID 20689; the issues are very similar in nature.
----------------------------------------------------------------------
TITLE:
INCA IM-204 "getpage" Parameter Information Disclosure
SECUNIA ADVISORY ID:
SA22557
VERIFY ADVISORY:
http://secunia.com/advisories/22557/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM:
INCA IM-204
http://secunia.com/product/12440/
DESCRIPTION:
Crackers_Child has reported a vulnerability in INCA IM-204, which can
be exploited by malicious people to disclose potentially sensitive
information.
Input passed to the "getpage" parameter in cgi-bin/webcm is not
properly verified before being used. This can be exploited to
disclose the content of certain files via directory traversal
attacks.
SOLUTION:
Use the device only in a trusted network.
PROVIDED AND/OR DISCOVERED BY:
Crackers_Child
----------------------------------------------------------------------
VAR-200610-0005 | CVE-2006-3455 | Symantec AntiVirus Corporate Edition Used in etc. SAVRT.SYS Vulnerability to execute arbitrary code in device driver |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. Symantec AntiVirus and Symantec Client Security are prone to a privilege-escalation vulnerability.
Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges. Successful exploits may facilitate a complete system compromise.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
The vulnerability is caused due to an improper validation of the
output buffer address space of a "DeviceIOControl()" call in the
SAVRT.SYS device driver.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Boon Seng Lim.
ORIGINAL ADVISORY:
Symantec:
http://www.symantec.com/avcenter/security/Content/2006.10.23.html
----------------------------------------------------------------------
VAR-200610-0308 | CVE-2006-5536 | D-Link DSL-G624T of cgi-bin/webcm Vulnerable to directory traversal |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. D-Link DSL-G624T devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input.
Exploiting this issue allows remote, unauthenticated attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks.
----------------------------------------------------------------------
TITLE:
D-Link DSL-G624T Directory Traversal and Cross-Site Scripting
SECUNIA ADVISORY ID:
SA22524
VERIFY ADVISORY:
http://secunia.com/advisories/22524/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From local network
SOFTWARE:
D-Link DSL-G624T
http://secunia.com/product/12420/
DESCRIPTION:
Jose Ramon Palanco has reported some vulnerabilities in D-Link
DSL-G624T, which can be exploited by malicious people to conduct
cross-site scripting attacks or to disclose certain sensitive
information.
1) Input passed to the "upnp%3Asettings%2Fstate" and
"upnp%3Asettings%2Fconnection" parameters in cgi-bin/webcm is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
2) Input passed to the "getpage" parameter in cgi-bin/webcm is not
properly verified before being used.
The vulnerabilities are reported in firmware version
V3.00B01T01.YA-C.20060616. Other versions may also be affected.
SOLUTION:
Do not visit other web sites while accessing the device and use it
only in a trusted network.
PROVIDED AND/OR DISCOVERED BY:
Jose Ramon Palanco
ORIGINAL ADVISORY:
http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html
----------------------------------------------------------------------
VAR-200610-0292 | CVE-2006-5520 | DeltaScripts PHP Classifieds of functions.php In PHP Remote file inclusion vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 7.1 is vulnerable; other versions may also be affected.
This BID is being retired because further information shows that the application is not vulnerable to this issue.
VAR-200610-0239 | CVE-2006-5405 | Used for multiple products Toshiba Bluetooth Service disruption in wireless device drivers (DoS) Vulnerabilities |
CVSS V2: 6.2 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets. Bluetooth Wireless Device Driver is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
----------------------------------------------------------------------
TITLE:
Toshiba Bluetooth Stack Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA22402
VERIFY ADVISORY:
http://secunia.com/advisories/22402/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Toshiba Bluetooth Stack 4.x
http://secunia.com/product/6807/
Toshiba Bluetooth Stack 3.x
http://secunia.com/product/6806/
DESCRIPTION:
A vulnerability has been reported in Toshiba Bluetooth Stack, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Successful exploitation requires knowledge of the Bluetooth device
address.
The vulnerability is reported in version 3.x and versions 4 through
4.00.35. Other versions may also be affected.
NOTE: Products from other vendors using the Toshiba Bluetooth Stack
may also be affected. The Toshiba Bluetooth Stack running on 64-bit
platforms is reportedly not affected.
SOLUTION:
Update to the latest version.
PROVIDED AND/OR DISCOVERED BY:
David Maynor, SecureWorks and Jon Ellch.
ORIGINAL ADVISORY:
http://www.secureworks.com/press/20061011-dell.html
----------------------------------------------------------------------
VAR-200610-0259 | CVE-2006-5425 | XORP Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field.
Exploiting this issue allows remote, unauthenticated attackers to crash the application, denying further service to legitimate users.
eXtensible Open Router Platform versions 1.2 and 1.3 are vulnerable to this issue.
----------------------------------------------------------------------
TITLE:
XORP OSPF Link State Advertisements Denial of Service
SECUNIA ADVISORY ID:
SA22462
VERIFY ADVISORY:
http://secunia.com/advisories/22462/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
XORP 1.x
http://secunia.com/product/12372/
DESCRIPTION:
Mu Security has reported a vulnerability in XORP, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an out of bounds read when
processing Link State Advertisements (LSA). This can be exploited to
crash the OSPF daemon by sending LSAs with invalid length values.
The vulnerability is reported in XORP 1.2 and 1.3. Other versions may
also be affected.
SOLUTION:
Follow vendor instructions to apply patches.
http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt
PROVIDED AND/OR DISCOVERED BY:
Mu Security
ORIGINAL ADVISORY:
XORP Project Advisory:
http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt
Mu Security Advisory:
http://labs.musecurity.com/advisories/MU-200610-01.txt
----------------------------------------------------------------------
VAR-200610-0254 | CVE-2006-5420 | Kerio WinRoute Firewall Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability.
Exploiting this issue may permit an attacker to crash affected devices, denying further network services to legitimate users.
Kerio WinRoute Firewall 6.2.2 and prior versions are vulnerable; other versions may also be affected. Kerio WinRoute Firewall is a gateway firewall for small and medium businesses.
----------------------------------------------------------------------
TITLE:
Kerio WinRoute Firewall DNS Response Denial of Service
SECUNIA ADVISORY ID:
SA22986
VERIFY ADVISORY:
http://secunia.com/advisories/22986/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Kerio WinRoute Firewall 6.x
http://secunia.com/product/3613/
DESCRIPTION:
A vulnerability has been reported in Kerio WinRoute Firewall, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an unspecified error when
processing malformed DNS responses. This can be exploited to crash
the application.
SOLUTION:
Update to version 6.2.3.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
----------------------------------------------------------------------
VAR-200610-0250 | CVE-2006-5416 | F5 Networks FirePass 1000 SSL VPN of my.acctab.php3 Vulnerable to cross-site scripting |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 5.5 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
Input passed to the "sid" parameter in my.acctab.php3 is not properly
sanitised before being returned to the user.
The vulnerability is reported in FirePass 1000 SSL VPN version 5.5.
PROVIDED AND/OR DISCOVERED BY:
Richard Brain, ProCheckUp
ORIGINAL ADVISORY:
http://www.procheckup.com/Vulner_PR0603b.php
----------------------------------------------------------------------
VAR-200610-0251 | CVE-2006-5417 | Internet Security Suite Such as McAfee Service disruption in products (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. McAfee Network Agent is prone to a remote denial-of-service vulnerability because the service fails to properly handle excessive network data.
Exploiting this issue may cause the affected application to crash, denying service to legitimate users.
Version 1.0.178.0 is vulnerable; other versions may also be affected. Remote attackers may use this vulnerability to perform denial of service attacks on services.
----------------------------------------------------------------------
This can be exploited to crash the service by sending a specially crafted message
with an invalid value in the string position field.
SOLUTION:
Restrict access to the service.
PROVIDED AND/OR DISCOVERED BY:
JAAScois
----------------------------------------------------------------------
VAR-200610-0314 | CVE-2006-5288 | Cisco 2700 Series Wireless Location Appliances Vulnerabilities in which administrator privileges are obtained |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.
An attacker may use prior knowledge to log into the device to gain access to the device's administrative section. This could aid in further attacks.
Cisco 2700 Series Wireless Location Appliance versions prior to 2.1.34.0 are vulnerable.
VAR-200610-0315 | CVE-2006-5289 | Vtiger CRM In PHP Remote file inclusion vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200610-0678 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. vtiger CRM is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
vtiger CRM 4.2 and prior versions are vulnerable; other versions may also be affected.
VAR-200610-0173 | CVE-2006-5393 | CSD Vulnerable to reading certain memory pages |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: LOW |
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. Cisco Secure Desktop is prone to multiple information-disclosure vulnerabilities.
Successfully exploiting these issues allows an attacker to gain access to potentially sensitive information; this may lead to other attacks. The following problems exist in the implementation of CSD, which may lead to the leakage of sensitive information related to SSL VPN sessions. Windows page file information leakage: Due to the way the Windows virtual memory subsystem operates, virtual physical memory used by any application, including in the Secure Desktop process space, may be written to the page file. The Windows page file stores the contents of the physical memory paged out without encryption, so data forensics tools can be used to recover the information paged out by the operating system. Due to this mechanism, CSD may not be able to delete all data generated and accessed in the SSL VPN session after the VPN session is terminated.
VAR-200610-0174 | CVE-2006-5394 | CSD Vulnerability to read data sent to printer in default settings |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. Cisco Secure Desktop is prone to multiple information-disclosure vulnerabilities.
Successfully exploiting these issues allows an attacker to gain access to potentially sensitive information; this may lead to other attacks. The following problems exist in the implementation of CSD, which may lead to the leakage of sensitive information related to SSL VPN sessions. Restoring documents from a Windows printer spool: If a document has already been printed, it can be restored from a printer spool. Background files are usually stored in the C:\WINDOWS\system32\spool\PRINTERS\ directory, with the extension .SPL. The life cycle of these files is very short, because they will be deleted after being successfully sent to the printer. However, if there is a printing problem or if data forensics is applied to the hard drive, it may be possible to recover the files.
VAR-200610-0182 | CVE-2006-5403 | Symantec Automated Support Assistant ActiveX control buffer overflow |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged-in user. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control.
----------------------------------------------------------------------
1) An unspecified input validation error exists, which can be
exploited to gain unauthorized access to system information.
Successful exploitation requires spoofing of a trusted domain web
site and to trick the user to click on a malicious link.
Automated Support Assistant:
Update to the latest version.
https://www-secure.symantec.com/techsupp/asa/install.jsp
PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Haesman, Next Generation Security Research.
ORIGINAL ADVISORY:
http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200610-0526 | CVE-2006-5208 | PHP Classifieds catid_search and catid variable remote SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. PHP Classifieds is a web-based directory classification program written in PHP.
PHP Classifieds does not sufficiently filter user-submitted parameters, so remote attackers can manipulate the database without authorization by inserting SQL commands into the input data.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
----------------------------------------------------------------------
TITLE:
PHP Classifieds "catid" and "catid_search" SQL Injection
Vulnerability
SECUNIA ADVISORY ID:
SA22264
VERIFY ADVISORY:
http://secunia.com/advisories/22264/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
PHP Classifieds 7.x
http://secunia.com/product/12226/
PHP Classifieds 6.x
http://secunia.com/product/8084/
DESCRIPTION:
Kzar has discovered some vulnerabilities in PHP Classifieds, which
can be exploited by malicious people to conduct SQL injection
attacks. This can be exploited to manipulate
SQL queries by inserting arbitrary SQL code.
The vulnerabilities have been confirmed in version 7.1. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Kzar
----------------------------------------------------------------------
VAR-200610-0183 | CVE-2006-5404 | Symantec Automated Support Assistant ActiveX control buffer overflow |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged-in user. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control.
----------------------------------------------------------------------
1) An unspecified input validation error exists, which can be
exploited to gain unauthorized access to system information.
Successful exploitation requires spoofing a trusted domain web
site and tricking the user into clicking a malicious link.
Automated Support Assistant:
Update to the latest version.
https://www-secure.symantec.com/techsupp/asa/install.jsp
PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Haesman, Next Generation Security Research.
ORIGINAL ADVISORY:
http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
----------------------------------------------------------------------
VAR-200703-0205 | CVE-2006-7121 | Linksys SPA-921 VoIP Desktop Phone HTTP server denial-of-service (DoS) vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. Linksys SPA921 VoIP phones are prone to denial-of-service vulnerabilities because the devices fail to properly handle large user-supplied input values in HTTP traffic.
Exploiting this issue allows remote attackers to crash and reboot affected devices, denying service to legitimate users.
----------------------------------------------------------------------
The vulnerability is caused due to errors within the embedded HTTP
server when handling long strings. This can be exploited to reboot
the phone by sending long HTTP requests to it.
The vulnerability has been reported in firmware version 1.0.0. Other
versions may also be affected.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
----------------------------------------------------------------------
VAR-200610-0509 | CVE-2006-5175 | TeraStation HD-HTGL series cross-site request forgery vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. The TeraStation HD-HTGL series, provided by Buffalo, Inc., are LAN-attached hard disks with an administrative web interface.
----------------------------------------------------------------------
TITLE:
TeraStation HD-HTGL Series Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA22248
VERIFY ADVISORY:
http://secunia.com/advisories/22248/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting, Manipulation of data
WHERE:
From remote
OPERATING SYSTEM:
TeraStation HD-HTGL Series
http://secunia.com/product/12189/
DESCRIPTION:
A vulnerability has been reported in TeraStation HD-HTGL Series,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.
The vulnerability is caused by an error within the web
administration interface, which allows certain sensitive actions
to be performed without verifying the user's request. This can be exploited
to modify certain configuration sections or delete data stored on the
device.
The vulnerability is reported in firmware 2.05. Other versions may
also be affected.
SOLUTION:
Do not visit untrusted sites while being logged in to the device.
PROVIDED AND/OR DISCOVERED BY:
Reported by JVN.
ORIGINAL ADVISORY:
http://jvn.jp/jp/JVN%2393484133/index.html
----------------------------------------------------------------------
VAR-200610-0513 | CVE-2006-5179 | Intoto iGateway VPN denial-of-service (DoS) vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. Intoto iGateway VPN and iGateway SSL-VPN contain a vulnerability that leads to a denial-of-service (CPU consumption) condition.
----------------------------------------------------------------------
TITLE:
Intoto iGateway VPN / SSL-VPN Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA22206
VERIFY ADVISORY:
http://secunia.com/advisories/22206/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Intoto iGateway SSL-VPN
http://secunia.com/product/12172/
Intoto iGateway VPN
http://secunia.com/product/12171/
DESCRIPTION:
A vulnerability has been reported in Intoto iGateway VPN and Intoto
iGateway SSL-VPN, which can be exploited by malicious people to cause
a DoS (Denial of Service). This can be exploited to cause a DoS via specially crafted
X.509 certificates.
SOLUTION:
Reportedly, a patch can be obtained by contacting Intoto at
support@intoto.com.
PROVIDED AND/OR DISCOVERED BY:
Originally reported in OpenSSL by Dr S. N Henson.
Reported in Intoto iGateway VPN / SSL-VPN by the vendor.
ORIGINAL ADVISORY:
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
----------------------------------------------------------------------