VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201109-0182 CVE-2011-3489 RSLogix Remote Denial of Service Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201109-0578
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RSLinx Classic connects RSLogix and RSNetWorx products to Rockwell Automation networks and devices, and is also an OPC server. RsvcHost.exe and RNADiagReceiver.exe listen to 4446 and other ports. Rockwell RSLogix is a programming software for industrial automation. An attacker could exploit this vulnerability to execute arbitrary code for an attack. RSLogix is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. RSLogix 5000 is vulnerable. Other versions may also be affected. A buffer overflow vulnerability exists in RnaUtility.dll in RsvcHost.exe version 2.30.0.23 of Rockwell RSLogix 19 and earlier
VAR-190001-0595 No CVE H3C ER5100 Authentication Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The H3C ER5100 is an enterprise-class dual-core broadband router. The H3C ER5100 Enterprise Broadband Router web management page has a verification vulnerability. Unauthorized visitors can modify, restart, and view most system configurations. The H3C ER5100 is prone to a remote authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. ---------------------------------------------------------------------- Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/ ---------------------------------------------------------------------- TITLE: H3C ER5100 Router Web Interface Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA44969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44969 RELEASE DATE: 2011-06-23 DISCUSS ADVISORY: http://secunia.com/advisories/44969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: 128bit has reported a vulnerability in H3C ER5100 Router, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication mechanism of the administrative web interface. This can be exploited to bypass authentication checks and gain access to the administrative interface by e.g. appending "userLogin.asp" to the URL. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: 128bit ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-02268 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-190001-0244 No CVE Barracuda Backup Service Multiple Security Vulnerabilities CVSS V2: -
CVSS V3: -
Severity: -
Barracuda Backup Service is a network backup solution. Barracudas Backup v2.x has multiple persistent input validation vulnerabilities, local low privileged user accounts or remote attackers (using user interaction) can implement/inject malicious persistent script code (Java/HTML) that can lead to sensitive information disclosure , access the intranet available server and operate part of the content. Affected Module: [+] E-Mail Message Browser - Filter[+] Expressions[+] Exclsuion Rules Image: ../ive1.png../ive2.png../ive3.png../ive4.png. Barracuda Backup Service is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML or script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible
VAR-190001-0838 No CVE SAP WebAS Malicious SAP Shortcut Generates Remote Command Injection Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
SAP Web Application Server (sometimes called WebAS) is the runtime environment for SAP applications - all mySAP Business Suite solutions (SRM, CRM, SCM, PLM, ERP) run on SAP WebAS. The SAP Web Application Server provides access to multiple services through the WEB engine, namely the SAP Internet Communication Framework (ICM). The SHORTCUT ICF service is a dangerous feature that can be performed anonymously by third-party programs for client attacks on end users. In addition, this service includes a parameter injection vulnerability that allows the attacker to gain further control over the system. There are currently no detailed details of the vulnerability provided. SAP WebAS is prone to a remote command injection vulnerability An attacker can exploit this issue inject arbitrary commands into the affected application and take over the generation of SAP shortcuts
VAR-190001-0709 No CVE D-Link DNS-320 ShareCenter Authentication Mechanism Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The D-Link DNS-320 is a storage device for small business users. D-Link ShareCenter DNS-320 manages the authentication mechanism of the WEB interface. It can be used to bypass the verification check and perform shutdown or restart operations. D-Link DNS-320 ShareCenter is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to connect to the affected device without authentication. This may aid in further attacks. D-Link DNS-320 ShareCenter firmware 2.00b06 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: D-Link ShareCenter DNS-320 Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA47070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47070 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in D-Link ShareCenter DNS-320, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to bypass authentication checks and e.g. restart or shutdown the device. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: rigan OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201108-0083 CVE-2011-2402 HP Network Automation Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform cross-site scripting attacks that allow attackers to obtain sensitive information or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The patch is available here: http://support.openview.hp.com/selfsolve/patches Upgrade to HP Network Automation v9.10 Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081) HISTORY Version:1 (rev.1) - 28 July 2011 Initial Release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk4xdeMACgkQ4B86/C0qfVntSwCdF4drR9sS5wJ4+kFmIYfnv4NJ 7QcAn13pc8sXX/aSZf4FHCfx+7aFUpQw =v+ei -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Network Automation Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45454 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45454/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45454 RELEASE DATE: 2011-07-30 DISCUSS ADVISORY: http://secunia.com/advisories/45454/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45454/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45454 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP Network Automation, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. 2) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities reported in versions 7.2x, 7.5x, 7.6x, 9.0, and 9.10. SOLUTION: Update to version 9.10 and apply patch 1 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMU02693 SSRT100583: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201108-0084 CVE-2011-2403 HP Network Automation In SQL Injection vulnerability

Related entries in the VARIoT exploits database: VAR-E-201107-0314
CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows platforms has security vulnerabilities that allow attackers to perform SQL injection attacks, allowing attackers to obtain sensitive information or manipulate databases. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). References: CVE-2011-2402(XSS), CVE-2011-2403 (SQL injection) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Network Automation v7.2x, v7.5x, v7.6x, v9.0, v9.10 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-2402 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-2403 (AV:N/AC:L/Au:S/C:C/I:C/A:C) 9.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a patch to resolve the vulnerabilities for HP Network Automation v9.10. The patch is available here: http://support.openview.hp.com/selfsolve/patches Upgrade to HP Network Automation v9.10 Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081) HISTORY Version:1 (rev.1) - 28 July 2011 Initial Release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk4xdeMACgkQ4B86/C0qfVntSwCdF4drR9sS5wJ4+kFmIYfnv4NJ 7QcAn13pc8sXX/aSZf4FHCfx+7aFUpQw =v+ei -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Network Automation Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45454 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45454/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45454 RELEASE DATE: 2011-07-30 DISCUSS ADVISORY: http://secunia.com/advisories/45454/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45454/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45454 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP Network Automation, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities reported in versions 7.2x, 7.5x, 7.6x, 9.0, and 9.10. SOLUTION: Update to version 9.10 and apply patch 1 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMU02693 SSRT100583: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942385 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201202-0282 CVE-2012-1008 OfficeSIP Server Input Validation Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201202-0193
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OfficeSIP Server There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.By a third party SIP INVITE Cleverly crafted in the message To Service disruption via header ( Daemon crash ) There is a possibility of being put into a state. A vulnerability exists in the OfficeSIP Server version 3.1. Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions
VAR-201201-0168 CVE-2011-4057 Wibu-Systems CodeMeter remote denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Wibu-Systems CodeMeter versions prior to 4.40 are affected. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CodeMeter Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47497 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47497 RELEASE DATE: 2012-01-12 DISCUSS ADVISORY: http://secunia.com/advisories/47497/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47497/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47497 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. SOLUTION: Update to version 4.40. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN78901873/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201406-0031 CVE-2011-4821 D-Link DIR-601 TFTP Server Directory Traversal Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. The D-Link DIR-601 is a wireless router device. The attacker performs the WAN interface monitored by the TFTP server without authentication. D-Link DIR-601 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to system and other configuration files. D-Link DIR-601 1.02NA is vulnerable; other versions may be affected. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: 2X ApplicationServer TuxSystem ActiveX Control "ExportSettings()" Insecure Method SECUNIA ADVISORY ID: SA47657 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47657/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47657 RELEASE DATE: 2012-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/47657/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47657/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47657 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TuxSystem ActiveX control (TuxScripting.dll) providing an insecure "ExportSettings()" method, which can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user. The vulnerability is confirmed in version 10.1 Build 1224. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Disable the TFTP service
VAR-201112-0253 CVE-2011-4860 NOE 771 device ComputePassword Function Information Disclosure Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. A remote attacker can gain access by means of (1) ARP request information or (2) Neighbor Solicitation information. The firmware provided by Schneider Schneider Electric Quantum Ethernet Module has a hard-coded problem. The built-in hard-coded authentication credentials can be used to access the following services: Telnet port, allowing remote attackers to view the operation of the module firmware, perform denial of service, modify the module memory, execute Arbitrary code. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Undocumented Account Security Issues SECUNIA ADVISORY ID: SA47019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ruben Santamarta has reported some security issues in multiple Schneider Electric modules, which can be exploited by malicious people to bypass certain security restrictions. 1) The Telnet service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code. 2) The Windriver Debug service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code. 3) The FTP service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify HTTP passwords and upload malicious firmware. Please see the ICS-CERT's advisory for a list of affected products and versions. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta ORIGINAL ADVISORY: Ruben Santamarta: http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-190001-1072 No CVE D-Link DAP-1150 Cross-Site Request Forgery Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The D-Link DAP-1150 is a wireless access device. D-Link DAP-1150 has a cross-site request forgery vulnerability that allows an attacker to build a malicious link, entice a logged-in user to resolve, and perform various administrative operations in the target user context. D-Link DAP-1150 is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected
VAR-190001-0402 No CVE Trend Micro DataArmor/DriveArmor Pre-Boot Local Privilege Escalation Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
Trend Micro DataArmor/DriveArmor is a data protection application. Trend Micro DataArmor/DriveArmor pre-boot has a security vulnerability that allows a local attacker to execute arbitrary code in the login user context and gain access to the DataArmor Recovery Console. Attackers with physical access to the affected system can exploit this issue to escalate privileges and perform unauthorized actions
VAR-190001-0356 No CVE Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. CodeMeter 4.30c is affected; other versions may also be vulnerable
VAR-190001-0706 No CVE HTC Touch2 T3333 HTCVideoPlayer Memory Corruption Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The HTC Touch2 T3333 is a 3G smartphone based on the WM6.5 system. HTCVideoPlayer is the default media player for HTC Windows mobile devices. There is a memory corruption vulnerability when parsing the stbl atom of the 3g2 video format. Building malicious files to entice users to parse can cause an application to crash. HTCVideoPlayer is prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions
VAR-190001-0018 No CVE SAP Netweaver Unsafe SAPTerm User Account Creation Security Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: LOW
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There was an error running some reports to create an SAPTerm user with hard-coded user credentials by convincing the system administrator to run a report. SAP Netweaver is prone to a security-bypass vulnerability that can allow a user to create insecure SAPTerm user accounts. Attackers can exploit this issue to perform certain unauthorized actions. This may aid in further attacks. SAPTerm user. ---------------------------------------------------------------------- Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver SAPTerm Hardcoded Credentials User Creation Weakness SECUNIA ADVISORY ID: SA45034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45034 RELEASE DATE: 2011-06-30 DISCUSS ADVISORY: http://secunia.com/advisories/45034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in SAP NetWeaver, which can be exploited by malicious users to manipulate certain data. The weakness is reported in the following components: * SAP Basis versions 620 through 640. * SAP Basis versions 700 through 702. * SAP Basis versions 710 through 730. * SAP Basis versions 72L through 800. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Julius von dem Bussche, Xiting AG. ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1542645 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-190001-0820 No CVE Alice Modem 'rulename' parameter cross-site scripting vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Alice Modem is a modem. A cross-site scripting vulnerability exists in Alice Modem. The vulnerability is caused by the device not being able to properly handle the user-provided input. The remote attacker can execute arbitrary script code in the context of the user's browser of the affected site with the rulename parameter and steal the cookie-based authentication certificate
VAR-190001-0476 No CVE Dlink DPH 150SE/E/F1 IP Phones Device Restart Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Dlink DPH is an IP telephony solution. A security vulnerability exists in the web management interface of Dlink DPH 150SE, which allows unauthenticated users to obtain profile information including the administrator password. Dlink DPH IP phones are prone to multiple remote vulnerabilities. The following devices are affected: Dlink DPH 150SE Dlink DPH 150E Dlink DPH 150F1
VAR-190001-0139 No CVE SAP MaxDB NULL Pointer Dereference Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP MaxDB is prone to a denial-of-service vulnerability. Attackers may leverage this issue to crash the affected application, denying service to legitimate users. SAP MaxDB 7.8.01.18 is vulnerable; other versions may also be affected.
VAR-201110-0216 CVE-2011-3980 TYPO3 Drag Drop Mass Upload Arbitrary File Update Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. Typo3 is one of the leading brands of open source content management systems (CMS) and content management frameworks (CMF) based on PHP and MySQL databases and is a powerful open source solution. A remote attacker can update any file with an unknown vector. The issue occurs because the application fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible