VARIoT IoT vulnerabilities database

VAR-200412-1166 CVE-2004-1913 NukeCalendar Multiple Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection. NukeCalendar version 1.1.a for PHP-Nuke has a cross-site scripting (XSS) vulnerability in modules.php
VAR-200412-1167 CVE-2004-1914 NukeCalendar Multiple Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection
VAR-200412-1160 CVE-2004-1907 Kerio Personal Firewall Remote Denial of Service Attack Vulnerability CVSS V2: 2.6
CVSS V3: -
Severity: LOW
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". The issue presents itself when Web Filtering procedures handle a URI that contains certain characters. Kerio Personal Firewall is a personal desktop firewall. Kerio Personal Firewall uses a web filter to receive URLs and return the requested content to the browser. The web filter blocks ads, pop-ups, etc. If the submitted URL contains illegal data (like %13%12%13), the program will crash during processing
VAR-200406-0041 CVE-2004-0391 Cisco WLSE and HSE devices contain hardcoded username and password CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. If logged in with the default credentials, an attacker can gain complete control over a device. Successful exploitation could allow an attacker to gain access to sensitive data, compromise network integrity and confidentiality, cause denial of service attacks and use the devices to launch various attacks against other networks. CiscoWorks WLSE provides centralized Cisco wireless LAN infrastructure management
VAR-200412-0782 CVE-2004-2600 Intel LAN Management Server Configuration Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. It has been reported that the LAN management server setup utilities are prone to a remote configuration vulnerability. This issue is due to a design error that leaves the system insecure after remote management occurs. This issue may allow an attacker to gain unauthorized access to certain utilities on the affected system
VAR-200404-0109 No CVE Floosietek FTGate Mail Server Path Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
FloosieTek FTGatePro Mail Server is a versatile mail server that includes anti-virus integration, anti-spam, NAT SAM integration and more. The FTGate mail server does not properly handle some illegal parameter data. A remote attacker can use this vulnerability to obtain sensitive server path information. Providing illegal data to the 'id' parameter of message.fts can cause the server to return its physical path. This information can be used to help the attacker further attack the system. This issue is due to an ill-conceived error message that includes the server path
VAR-200404-0108 No CVE Floosietek FTGate Mail Server Multiple Input Validation Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
FloosieTek FTGatePro Mail Server is a versatile mail server that includes anti-virus integration, anti-spam, NAT SAM integration and more. The FTGate web mail server lacks sufficient filtering of user-submitted parameters, and remote attackers can exploit this vulnerability to obtain sensitive user information. The problem is that 'individual.fts' lacks filtering for the "Display name" field. An attacker can build a malicious web page and entice a user to visit it in order to obtain information such as the target user's sensitive cookie. It has been reported that FTGate is prone to multiple remote input validation vulnerabilities: a cross-site scripting issue and an HTML injection vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input before using it in dynamic web content. The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. An attacker may exploit the HTML injection vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible
VAR-200405-0015 CVE-2004-0383 apple's  Apple Mac OS X  Vulnerability in CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." Apple Mac OS X contains an unspecified vulnerability. Apple Mail has been reported prone to an undisclosed vulnerability. The issue is reported to present itself during HTML-formatted e-mail processing routines. This BID will be updated as further pertinent details that pertain to this vulnerability are released
VAR-200405-0014 CVE-2004-0382 apple's  Apple Mac OS X  Vulnerability in CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. It has been reported that CUPS is prone to an unspecified configuration file vulnerability. Currently details surrounding this issue are insufficient to provide more information. This BID will be updated when new information becomes available
VAR-200404-0076 CVE-2004-1986 Coppermine Photo Gallery Multiple Input Validation Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. Attackers may exploit these issues to steal cookie-based authentication credentials, map the application root directory of the affected application, execute arbitrary commands, and include arbitrary files. Other attacks are also possible. Coppermine Photo Gallery is a web-based graphics library management program. Coppermine Photo Gallery does not fully filter the input submitted by users in many places. The specific issues are as follows: 1. Path leakage: By directly accessing some configuration scripts, sensitive path information can be obtained. 2. Cross-site scripting: 'coppermine/docs/menu.inc.php' lacks filtering for user-submitted URIs; attackers can use this vulnerability to obtain sensitive information. 3. Browsing arbitrary directories: With PHP-Nuke administrator privileges, directory restrictions can be bypassed to access other files through the coppermine module. 4. Arbitrary command execution: With PHP-Nuke administrator privileges to access the coppermine module, shell commands can be entered in some parameters of the coppermine configuration panel and are executed with web process privileges
VAR-201708-0984 CVE-2017-11392 Trend Micro InterScan Messaging Security Virtual Appliance Command injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. Zero Day Initiative numbered this vulnerability ZDI-CAN-4745. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the 'VirusEvent' directive in the 'clamav.conf' configuration file has been enabled and the 'Dazuko' module is used with the antivirus software. Although unconfirmed, all versions of the application are assumed to be vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition
VAR-201708-0983 CVE-2017-11391 Trend Micro InterScan Messaging Security Virtual Appliance Command Injection Vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. Zero Day Initiative numbered this vulnerability ZDI-CAN-4744. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the modTMCSS Proxy functionality. An attacker can leverage this vulnerability to execute arbitrary code under the context of the imss user. that integrates anti-virus, anti-spyware and anti-phishing technologies to provide comprehensive protection for email applications. The issue presents itself when the 'VirusEvent' directive in the 'clamav.conf' configuration file has been enabled and the 'Dazuko' module is used with the antivirus software. Although unconfirmed, all versions of the application are assumed to be vulnerable at the moment. This information will be updated as more details become available. Failed exploit attempts will result in a denial-of-service condition
VAR-200403-0151 No CVE Cisco IOS RST-ACK Packet Access Control Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Cisco IOS 11.2 has been reported prone to an access control bypass vulnerability. The issue is reported to present itself on C2500-F2IN-L appliances, but may also affect other Cisco devices that are running IOS 11.2. It has been reported that an attacker who resides on a blocked network segment may bypass the access controls by transmitting TCP packets to target hosts that have both RST and ACK flags set.
VAR-200403-0082 CVE-2003-1008 Mac OS X Unknown vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application. Mac OS X Server is prone to a local security vulnerability
VAR-200403-0145 No CVE HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
HP Web JetAdmin has an integrated and modified Apache web server. Some scripts included in HP Web Jetadmin lack sufficient filtering of parameters, and remote attackers can use these scripts to execute arbitrary commands with web privileges. The wja_update_product.hts script and 'plugins/framework/script/tree.xms' allow remote attackers to execute arbitrary commands with web privileges. This issue is due to a failure of the application to properly validate and sanitize user-supplied input. This issue has been tested with an authenticated account on HP Web Jetadmin version 7.5.2546 running on a Windows platform
VAR-200412-1229 CVE-2004-1848 Progress Software Ipswitch WS_FTP Server Security hole CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. A resource management error vulnerability exists in Progress Software Ipswitch WS_FTP Server version 4.0.2. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
VAR-200412-1140 CVE-2004-1885 Progress Software Ipswitch WS_FTP Server Security hole CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. These vulnerabilities may allow remote attackers to execute arbitrary code, cause denial of service attacks and gain administrative level access to a server. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. A security vulnerability exists in Progress Software Ipswitch WS_FTP Server version 4.0.2
VAR-200412-1139 CVE-2004-1883 Progress Software Ipswitch WS_FTP Server Buffer error vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. A buffer error vulnerability exists in Progress Software Ipswitch WS_FTP Server version 4.0.2
VAR-200403-0095 CVE-2004-1884 Progress Software Ipswitch WS_FTP Server Security hole CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption
VAR-200403-0128 CVE-2004-1839 PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. Reportedly MS-Analysis is prone to a remote information disclosure vulnerability. This issue is due to a design error that displays sensitive system information when certain errors are triggered. The problem presents itself when an error condition is triggered in all scripts residing in the 'scripts' directory of the MS-Analysis directory. It has also been reported that this issue affects the 'mstrack.php' and 'title.php' scripts in the MS-Analysis root directory. These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks. Version 2.0 of the MS Analysis module of PHP-Nuke is vulnerable. This vulnerability discloses the full path in the PHP error message