VARIoT IoT vulnerabilities database

Multiple Hitachi products have security vulnerabilities that allow malicious users to conduct denial of service attacks on applications. The problem exists in the Cosminexus XML processor, and no detailed vulnerability details are currently provided. A remote attacker can leverage this issue to cause denial-of-service condition. The following products are vulnerable: Cosminexus uCosminexus Application Server uCosminexus Client uCosminexus Developer uCosminexus Operator uCosminexus Service Architect uCosminexus Service Platform. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Hitachi Products Cosminexus XML Processor Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45863 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45863/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45863 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45863/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45863/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45863 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service). No further information is currently available. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates. Please see vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-018/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Hitachi JP1/Cm2/Network Node Manager has security vulnerabilities that allow a malicious user to conduct a denial of service attack or control the application. There are currently no detailed vulnerability details available, which can lead to application crashes or arbitrary code execution. Successfully exploiting these issues allows remote attackers to cause denial-of-service conditions. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA45710 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45710/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45710 RELEASE DATE: 2011-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/45710/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45710/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45710 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply updates (Please see vendor's advisory for details). Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-017/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information

The Cyclope Internet Filtering Proxy monitors the entire Internet traffic and blocks access to websites and files based on selected filtering criteria. The web-based management console lacks sufficient filtering for input and there is a cross-site scripting vulnerability. Whitelist and blacklist modes are affected by this vulnerability. Sending the malicious script code <user>USER</user><computer>COMPUTER</computer><ip>IP ADDY</ip>\\n to the default record port 8585 in the correct order, resulting in an XSS attack due to no filtering. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. GE Proficy Historian is a factory system that collects, archives and distributes very large amounts of real-time data at high speeds, significantly improving operational visibility and profit and loss settlement lines. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. All versions of Proficy Historian, Proficy HMI/SCADA-CIMPLICITY 8.1 and 8.2, and Proficy HMI/SCADA-iFIX 5.0 and 5.1 are vulnerable. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Proficy Historian Cross-Site Scripting and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46699 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46699/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46699 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46699/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46699/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46699 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Historian, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 2) An error in the Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) when processing certain network messages can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 14000. Successful exploitation of this vulnerability may allow execution of arbitrary code. Please see the vendor's advisories for a list of affected versions. SOLUTION: Apply updates. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Billy Rios and Terry McCorkle via ICS-CERT. 2) Luigi Auriemma via ZDI. ORIGINAL ADVISORY: GE (GEIP11-01, GEIP11-03): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-03%20Security%20Advisory%20-%20Proficy%20Historian%20Web%20Administrator.pdf http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-01%20Security%20Advisory%20-%20Proficy%20Historian%20ihDataArchiver.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. An integer overflow vulnerability exists in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 release. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CoDeSys Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47018 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in CoDeSys, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 2) A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080. 3) A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted "Content-Length" header sent to TCP port 8080. 4) A second NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080. 5) An error in the Control service when processing web requests containing a non-existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080. The vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/codesys_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition

Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. An attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Plant Applications, which can be exploited by malicious people to compromise a vulnerable system. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: GE (GEIP-11-02): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Pantech Link is a mobile phone that supports 2.4\" LCD screen and full keyboard. The Pantech Link/P7040P browser SSL certificate parsing contains a vulnerability caused by the \"Basic Constraints\" parameter that does not correctly check the certificate in the chain. Use the legal final entity The certificate is signed with a new certificate, and the attacker can obtain a \"legal\" certificate for any domain. For example: -TrustedCA--somedomain.com (legitimate certificate)---api.someotherdomain.com (signed by somedomain.com) uses this technology Any SSL communication using the api.someotherdomain.com certificate can be transparently intercepted. The browser of Pantech Link Phones is prone to a security weakness because it fails to verify SSL certificates presented by a remote server. An attacker can exploit this weakness to masquerade as a legitimate server using a man-in-the-middle attack or to launch other attacks, such as phishing

Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. ( Dot dot ) including fileget Arbitrary files may be read via parameters. Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. Pragyan CMS 3.0 is vulnerable; other versions may also be affected

CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly verifies WRITE requests containing very long filenames, allowing an attacker to crash the service. CiscoKits CCNA TFTP Server is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users

CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly handles read requests containing \"../\" sequences, allowing an attacker to read arbitrary files through a directory traversal attack. CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks

The SAP J2EE Engine Core is a core component of the SAP NetWeaver application platform. The SAP J2EE engine has security flaws that allow an attacker to compromise an enterprise computer system over the Internet. The impact of this issue is currently unknown. We will update this BID when more information emerges

Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple local file inclusion vulnerabilities exist in Vtiger CRM 5.2.1 and earlier. Because the input provided to the user is not properly filtered, an attacker can exploit the vulnerability to obtain potentially sensitive information and execute any local scripts in the web server process, jeopardizing applications and computers, and possibly causing other attacks. This may allow the attacker to compromise the application and the computer; other attacks are also possible. Vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected

Hitachi Command Suite is an integrated software suite for efficient management of virtualized storage and server infrastructure. Hitachi Command Suite has a cross-site scripting vulnerability. Because some unknown input lacks filtering before returning to the user, an attacker can use the vulnerability to conduct a cross-site scripting attack, construct a malicious URI, induce users to parse, obtain sensitive information, or hijack user sessions. Multiple Hitachi Command Suite Products, including Device Manager Software and Tiered Storage Manager Software, are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Hitachi Command Suite Products Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA48084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48084 RELEASE DATE: 2012-02-21 DISCUSS ADVISORY: http://secunia.com/advisories/48084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Update to version 7.2.1-00. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS12-008 (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-008/index.html HS12-008 (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-008/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection FTP Client Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Protek Research Lab's has discovered a vulnerability in Reflection for Secure IT, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious server. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's ORIGINAL ADVISORY: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Koha is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the OPAC (Online Public Access Catalog) interface. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Koha 3.4.2 are vulnerable.

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with CS structure. Because applications fail to adequately filter user-provided data before being used in SQL queries, an attacker can exploit a vulnerability to compromise an application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. ZABBIX versions 1.8.3 and 1.8.4 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201311-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Zabbix: Multiple vulnerabilities Date: November 25, 2013 Bugs: #312875, #394497, #428372, #452878, #486696 ID: 201311-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure. Background ========== Zabbix is software for monitoring applications, networks, and servers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/zabbix < 2.0.9_rc1-r2 >= 2.0.9_rc1-r2 Description =========== Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Zabbix users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2" References ========== [ 1 ] CVE-2010-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277 [ 2 ] CVE-2011-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904 [ 3 ] CVE-2011-3263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263 [ 4 ] CVE-2011-4674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674 [ 5 ] CVE-2012-3435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435 [ 6 ] CVE-2013-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364 [ 7 ] CVE-2013-5572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201311-15.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file. Safenet provides software protection and certificate management products, affected products Sentinel HASP, previously Aladdin HASP SRM is a digital certificate management program. 7T IGSS uses the SafeNet Sentinel HASP SDK for managing digital certificates. Special characters allow an attacker to build and inject HTML into a configuration file. Successful exploitation of the vulnerability allows an attacker to change the code in the configuration file. This vulnerability can be reproduced using Mozilla FIrefox 2.0, which is currently not triggered by current Mozilla Firefox, Microsoft Internet Explorer, Opera, and Google Chrome. SafeNet Sentinel HASP and 7T IGSS are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SafeNet Sentinel HASP Admin Control Center Script Insertion Weakness SECUNIA ADVISORY ID: SA47349 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47349/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47349 RELEASE DATE: 2011-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/47349/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47349/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47349 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in SafeNet Sentinel HASP Run-time Environment, which can be exploited by malicious users to conduct script insertion attacks. Successful exploitation requires a victim to view injected data using Mozilla Firefox version 2.0. The weakness is reported in version 5.95 and prior. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Carlos Mario Penagos Hollman, Synapse-labs. ORIGINAL ADVISORY: SafeNet: http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/ ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Movicon is the first fully XML-based Scada/HMI software developed by the famous Italian automation software provider PROGEA. There is an arbitrary code execution vulnerability in Movicon 11.2 Build 1085 and other versions of dwmapi.dll. A remote attacker can open a file on a network share containing a specially crafted dynamic link library (DLL) file by tricking legitimate users into using the affected application