VARIoT IoT vulnerabilities database
VAR-201109-0182 | CVE-2011-3489 |
RSLogix Remote Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0578 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RSLinx Classic connects RSLogix and RSNetWorx products to Rockwell Automation networks and devices, and is also an OPC server. RsvcHost.exe and RNADiagReceiver.exe listen on port 4446 and other ports. Rockwell RSLogix is programming software for industrial automation. An attacker could exploit this vulnerability to execute arbitrary code for an attack. RSLogix is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
RSLogix 5000 is vulnerable. Other versions may also be affected. A buffer overflow vulnerability exists in RnaUtility.dll in RsvcHost.exe version 2.30.0.23 of Rockwell RSLogix 19 and earlier.
VAR-190001-0595 | No CVE | H3C ER5100 Authentication Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The H3C ER5100 is an enterprise-class dual-core broadband router. The H3C ER5100 Enterprise Broadband Router web management page has a verification vulnerability. Unauthorized visitors can modify, restart, and view most system configurations. The H3C ER5100 is prone to a remote authentication-bypass vulnerability.
Attackers can exploit this issue to bypass the authentication mechanism and perform unauthorized actions.
TITLE:
H3C ER5100 Router Web Interface Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA44969
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44969/
RELEASE DATE:
2011-06-23
DESCRIPTION:
128bit has reported a vulnerability in H3C ER5100 Router, which can
be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
mechanism of the administrative web interface. This can be exploited
to bypass authentication checks and gain access to the administrative
interface by e.g. appending "userLogin.asp" to the URL.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
128bit
ORIGINAL ADVISORY:
http://www.wooyun.org/bugs/wooyun-2010-02268
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-190001-0244 | No CVE | Barracuda Backup Service Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Barracuda Backup Service is a network backup solution. Barracuda Backup v2.x has multiple persistent input validation vulnerabilities. Local low-privileged user accounts or remote attackers (using user interaction) can inject malicious persistent script code (Java/HTML), which can lead to sensitive information disclosure, access to servers available on the intranet, and manipulation of part of the content. Affected modules: E-Mail Message Browser - Filter; Expressions; Exclusion Rules. Barracuda Backup Service is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML or script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
VAR-190001-0838 | No CVE | SAP WebAS Malicious SAP Shortcut Generates Remote Command Injection Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
SAP Web Application Server (sometimes called WebAS) is the runtime environment for SAP applications - all mySAP Business Suite solutions (SRM, CRM, SCM, PLM, ERP) run on SAP WebAS. The SAP Web Application Server provides access to multiple services through the web engine, namely the SAP Internet Communication Framework (ICM). The SHORTCUT ICF service is a dangerous feature that can be invoked anonymously by third-party programs for client attacks on end users. In addition, this service includes a parameter injection vulnerability that allows the attacker to gain further control over the system. No further details of the vulnerability are currently available. SAP WebAS is prone to a remote command injection vulnerability.
An attacker can exploit this issue to inject arbitrary commands into the affected application and take over the generation of SAP shortcuts.
VAR-190001-0709 | No CVE | D-Link DNS-320 ShareCenter Authentication Mechanism Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DNS-320 is a storage device for small business users. An error in the authentication mechanism of the D-Link ShareCenter DNS-320 web management interface can be used to bypass the verification check and perform shutdown or restart operations. D-Link DNS-320 ShareCenter is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to connect to the affected device without authentication. This may aid in further attacks.
D-Link DNS-320 ShareCenter firmware 2.00b06 is vulnerable; other versions may also be affected.
TITLE:
D-Link ShareCenter DNS-320 Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA47070
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47070/
RELEASE DATE:
2011-12-08
DESCRIPTION:
A vulnerability has been reported in D-Link ShareCenter DNS-320,
which can be exploited by malicious people to bypass certain security
restrictions. This can be exploited
to bypass authentication checks and e.g. restart or shutdown the
device.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
rigan
VAR-201108-0083 | CVE-2011-2402 | HP Network Automation Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform cross-site scripting attacks that allow attackers to obtain sensitive information or hijack user sessions.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS).
References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The patch is available here: http://support.openview.hp.com/selfsolve/patches
Upgrade to HP Network Automation v9.10
Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081)
HISTORY
Version:1 (rev.1) - 28 July 2011 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
----------------------------------------------------------------------
TITLE:
HP Network Automation Cross-Site Scripting and SQL Injection
Vulnerabilities
SECUNIA ADVISORY ID:
SA45454
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45454/
RELEASE DATE:
2011-07-30
DESCRIPTION:
Two vulnerabilities have been reported in HP Network Automation,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.
1) Certain unspecified input is not properly sanitised before being
returned to the user.
2) Certain unspecified input is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
The vulnerabilities are reported in versions 7.2x, 7.5x, 7.6x, 9.0, and
9.10.
SOLUTION:
Update to version 9.10 and apply patch 1 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02693 SSRT100583:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385
VAR-201108-0084 | CVE-2011-2403 |
HP Network Automation In SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201107-0314 |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform SQL injection attacks, allowing attackers to obtain sensitive information or manipulate databases.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS).
References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Automation v7.2x, v7.5x, v7.6x, v9.0, v9.10
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-2402    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2011-2403    (AV:N/AC:L/Au:S/C:C/I:C/A:C)    9.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided a patch to resolve the vulnerabilities for HP Network Automation v9.10. The patch is available here: http://support.openview.hp.com/selfsolve/patches
Upgrade to HP Network Automation v9.10
Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081)
HISTORY
Version:1 (rev.1) - 28 July 2011 Initial Release
----------------------------------------------------------------------
TITLE:
HP Network Automation Cross-Site Scripting and SQL Injection
Vulnerabilities
SECUNIA ADVISORY ID:
SA45454
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45454/
RELEASE DATE:
2011-07-30
DESCRIPTION:
Two vulnerabilities have been reported in HP Network Automation,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
The vulnerabilities are reported in versions 7.2x, 7.5x, 7.6x, 9.0, and
9.10.
SOLUTION:
Update to version 9.10 and apply patch 1 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02693 SSRT100583:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385
VAR-201202-0282 | CVE-2012-1008 |
OfficeSIP Server Input Validation Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201202-0193 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
OfficeSIP Server contains a vulnerability that leads to a denial of service (daemon crash). A third party can cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. The vulnerability exists in OfficeSIP Server version 3.1.
Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions.
VAR-201201-0168 | CVE-2011-4057 | Wibu-Systems CodeMeter remote denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.
Wibu-Systems CodeMeter versions prior to 4.40 are affected.
TITLE:
CodeMeter Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA47497
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47497/
RELEASE DATE:
2012-01-12
DESCRIPTION:
A vulnerability has been reported in CodeMeter, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error. No further
information is currently available.
SOLUTION:
Update to version 4.40.
ORIGINAL ADVISORY:
JVN:
http://jvn.jp/en/jp/JVN78901873/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html
VAR-201406-0031 | CVE-2011-4821 | D-Link DIR-601 TFTP Server Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. The D-Link DIR-601 is a wireless router device. An attacker can reach the TFTP server, which listens on the WAN interface, without authentication. D-Link DIR-601 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to gain access to system and other configuration files.
D-Link DIR-601 1.02NA is vulnerable; other versions may be affected.
TITLE:
2X ApplicationServer TuxSystem ActiveX Control "ExportSettings()"
Insecure Method
SECUNIA ADVISORY ID:
SA47657
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47657/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47657
RELEASE DATE:
2012-02-03
DESCRIPTION:
Andrea Micalizzi has discovered a vulnerability in 2X
ApplicationServer TuxSystem ActiveX Control, which can be exploited
by malicious people to manipulate certain data.
The vulnerability is caused due to the TuxSystem ActiveX control
(TuxScripting.dll) providing an insecure "ExportSettings()" method,
which can be exploited to create or overwrite arbitrary files in the
context of the currently logged-on user.
The vulnerability is confirmed in version 10.1 Build 1224.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
Andrea Micalizzi (rgod) via Secunia.
----------------------------------------------------------------------
SOLUTION:
Disable the TFTP service
VAR-201112-0253 | CVE-2011-4860 | NOE 771 device ComputePassword Function Information Disclosure Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. The firmware provided with the Schneider Electric Quantum Ethernet Module also contains hard-coded authentication credentials. These built-in credentials can be used to access services such as the Telnet port, allowing remote attackers to view the operation of the module firmware, cause a denial of service, modify the module memory, and execute arbitrary code.
----------------------------------------------------------------------
TITLE:
Schneider Electric Ethernet Modules Undocumented Account Security
Issues
SECUNIA ADVISORY ID:
SA47019
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47019/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47019
RELEASE DATE:
2011-12-14
DESCRIPTION:
Ruben Santamarta has reported some security issues in multiple
Schneider Electric modules, which can be exploited by malicious
people to bypass certain security restrictions.
1) The Telnet service contains undocumented hardcoded credentials,
which can be exploited to gain access to the service and e.g. modify
module's memory and execute arbitrary code.
2) The Windriver Debug service contains undocumented hardcoded
credentials, which can be exploited to gain access to the service and
e.g. modify module's memory and execute arbitrary code.
3) The FTP service contains undocumented hardcoded credentials, which
can be exploited to gain access to the service and e.g. modify HTTP
passwords and upload malicious firmware.
Please see the ICS-CERT's advisory for a list of affected products
and versions.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
Ruben Santamarta
ORIGINAL ADVISORY:
Ruben Santamarta:
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
VAR-190001-1072 | No CVE | D-Link DAP-1150 Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DAP-1150 is a wireless access device. D-Link DAP-1150 has a cross-site request forgery vulnerability that allows an attacker to build a malicious link, entice a logged-in user to open it, and perform various administrative operations in the target user's context. D-Link DAP-1150 is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected.
VAR-190001-0402 | No CVE | Trend Micro DataArmor/DriveArmor Pre-Boot Local Privilege Escalation Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Trend Micro DataArmor/DriveArmor is a data protection application. Trend Micro DataArmor/DriveArmor pre-boot has a security vulnerability that allows a local attacker to execute arbitrary code in the login user context and gain access to the DataArmor Recovery Console.
Attackers with physical access to the affected system can exploit this issue to escalate privileges and perform unauthorized actions.
VAR-190001-0356 | No CVE | Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks.
CodeMeter 4.30c is affected; other versions may also be vulnerable.
VAR-190001-0706 | No CVE | HTC Touch2 T3333 HTCVideoPlayer Memory Corruption Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The HTC Touch2 T3333 is a 3G smartphone based on the WM6.5 system. HTCVideoPlayer is the default media player for HTC Windows mobile devices. There is a memory corruption vulnerability when parsing the stbl atom of the 3g2 video format. A malicious file that a user is enticed to open can cause the application to crash. HTCVideoPlayer is prone to a memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
VAR-190001-0018 | No CVE | SAP Netweaver Unsafe SAPTerm User Account Creation Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: LOW |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. An error in certain reports allows an SAPTerm user with hard-coded user credentials to be created when a system administrator is convinced to run the report. SAP NetWeaver is prone to a security-bypass vulnerability that can allow a user to create insecure SAPTerm user accounts.
Attackers can exploit this issue to perform certain unauthorized actions. This may aid in further attacks.
----------------------------------------------------------------------
TITLE:
SAP NetWeaver SAPTerm Hardcoded Credentials User Creation Weakness
SECUNIA ADVISORY ID:
SA45034
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45034/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45034
RELEASE DATE:
2011-06-30
DESCRIPTION:
A weakness has been reported in SAP NetWeaver, which can be exploited
by malicious users to manipulate certain data.
The weakness is reported in the following components:
* SAP Basis versions 620 through 640.
* SAP Basis versions 700 through 702.
* SAP Basis versions 710 through 730.
* SAP Basis versions 72L through 800.
SOLUTION:
Apply fixes (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Julius von dem Bussche, Xiting AG.
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1542645
VAR-190001-0820 | No CVE | Alice Modem 'rulename' parameter cross-site scripting vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Alice Modem is a modem. A cross-site scripting vulnerability exists in Alice Modem because the device does not properly handle user-provided input. Through the rulename parameter, a remote attacker can execute arbitrary script code in the user's browser in the context of the affected site and steal cookie-based authentication credentials.
VAR-190001-0476 | No CVE | Dlink DPH 150SE/E/F1 IP Phones Device Restart Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Dlink DPH is an IP telephony solution. A security vulnerability exists in the web management interface of Dlink DPH 150SE, which allows unauthenticated users to obtain profile information including the administrator password. Dlink DPH IP phones are prone to multiple remote vulnerabilities.
The following devices are affected:
Dlink DPH 150SE
Dlink DPH 150E
Dlink DPH 150F1
VAR-190001-0139 | No CVE | SAP MaxDB NULL Pointer Dereference Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP MaxDB is prone to a denial-of-service vulnerability.
Attackers may leverage this issue to crash the affected application, denying service to legitimate users.
SAP MaxDB 7.8.01.18 is vulnerable; other versions may also be affected.
VAR-201110-0216 | CVE-2011-3980 | TYPO3 Drag Drop Mass Upload Arbitrary File Update Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. TYPO3 is an open source content management system (CMS) and content management framework (CMF) based on PHP and MySQL databases. A remote attacker can update arbitrary files via an unknown vector. The issue occurs because the application fails to adequately validate user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.