VARIoT IoT vulnerabilities database


VAR-201702-0743 CVE-2017-0427 Linux kernel file system elevation of privilege vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. Google Nexus 9 is a tablet from Google Inc. in the United States. Google Nexus is prone to a privilege-escalation vulnerability.
VAR-201702-0744 CVE-2017-0428 NVIDIA GPU driver elevation of privilege vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. Google Nexus 9 is a tablet from Google Inc. in the United States. NVIDIA GPU Drivers is a graphics processor driver. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32401526 and A-32636619.
VAR-201702-0765 CVE-2017-0450 Audioserver elevation of privilege vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432. Audioserver contains an elevation of privilege vulnerability. Google Nexus is a smartphone from Google Inc. in the United States. Google Nexus 9 is vulnerable.
VAR-201702-0760 CVE-2017-0445 HTC touchscreen driver elevation of privilege vulnerability CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717. Google Pixel & Pixel XL is Google's new Android smartphone launched on October 4, 2016, taking over the previous Nexus series. Google Pixel/Pixel XL is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32769717, A-32917445 and A-32919560.
VAR-201702-0762 CVE-2017-0447 HTC touchscreen driver elevation of privilege vulnerability CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560. Google Pixel & Pixel XL is Google's new Android smartphone launched on October 4, 2016, taking over the previous Nexus series. Google Pixel/Pixel XL is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32769717, A-32917445 and A-32919560.
VAR-201703-0722 CVE-2017-5571 Citrix License Server for Windows and License Server VPX open redirect vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. An attacker can exploit the vulnerability by crafting a URI and inducing a user to click it. When the user clicks the link, they are redirected to an attacker-controlled website, enabling a phishing attack. Other attacks are possible.
VAR-201702-1098 No CVE Shenzhen Haishilian Company's WIFICAM network camera has null password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Haishilian Technology Co., Ltd. is a comprehensive technology enterprise integrating R&D, production, sales and service. The WIFICAM camera is a webcam product of the company. There is an empty password vulnerability in the WIFICAM network camera of Shenzhen Haishilian Company. The WIFICAM network camera uses port 81 as its web management port, and the default admin account has a blank password. An attacker could use the vulnerability to obtain remote management rights, resulting in information leakage.
VAR-201702-0606 CVE-2017-5933 Vulnerability in Citrix NetScaler ADC and NetScaler Gateway that allows the GCM authentication key to be obtained CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. Citrix NetScaler Application Delivery Controller and Gateway are prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following versions are affected: Citrix NetScaler ADC and NetScaler Gateway 10.5 prior to 10.5 Build 65.11, 11.0 prior to 11.0 Build 69.12/69.123, 11.1 prior to 11.1 Build 51.21
VAR-201702-0689 CVE-2017-5136 SendQuick Entera and Avera Device application system shutdown vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request, which could result in an attacker being able to shut down the system. SendQuick Entera & Avera SMS Gateway Appliances are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system. An attacker could exploit this vulnerability to shut down the system.
VAR-201702-0690 CVE-2017-5137 SendQuick Entera and Avera device vulnerability allowing unauthenticated requests for SMS logs CVSS V2: 5.0
CVSS V3: 6.2
Severity: MEDIUM
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. SendQuick Entera & Avera SMS Gateway Appliances are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system
VAR-201702-1091 No CVE Schneider Electric StruxureWare Data Center Expert Product Password Leak Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
StruxureWare Data Center Expert is a DCIM (Data Center Infrastructure Management) solution designed to monitor infrastructure including security, power and environment. Schneider Electric StruxureWare Data Center Expert product has a password disclosure vulnerability. The cause of this vulnerability is that StruxureWare data center user passwords are stored in clear text, allowing attackers to use the vulnerability to obtain sensitive information.
VAR-201702-0577 CVE-2015-4049 Denial of service (DoS) vulnerability in MCP-FIRMWARE on multiple Unisys Libra and FS600 class systems CVSS V2: 5.6
CVSS V3: 6.8
Severity: MEDIUM
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. Unisys Libra 43xx and so on are all MCP-based application system architectures developed by Unisys Corporation of the United States. MCP-FIRMWARE 40.0 versions prior to 40.0IC4 Build 270 in Unisys Libra 43xx, 63xx, 83xx and FS600 class systems have a security vulnerability. A remote attacker could exploit this vulnerability to cause a denial of service (data corruption and system crash)
VAR-201702-0694 CVE-2017-5142 Honeywell XL Web II controller XL1000C500 and XLWeb 500 Vulnerability in which parameters are disclosed CVSS V2: 6.5
CVSS V3: 9.1
Severity: CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. 1. Multiple information-disclosure vulnerabilities. 2. A session-fixation vulnerability. 3. A security-bypass vulnerability. 4. A directory-traversal vulnerability. An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible. XLWeb 500 XLWebExe-1-02-08 and prior
VAR-201702-0691 CVE-2017-5139 Honeywell XL Web II controller XL1000C500 and XLWeb 500 Password disclosure vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. 1. Multiple information-disclosure vulnerabilities. 2. A session-fixation vulnerability. 3. A security-bypass vulnerability. 4. A directory-traversal vulnerability. An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible. XLWeb 500 XLWebExe-1-02-08 and prior
VAR-201702-0692 CVE-2017-5140 Honeywell XL Web II controller XL1000C500 and XLWeb 500 Vulnerabilities in which passwords are stored in clear text CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. 1. Multiple information-disclosure vulnerabilities. 2. A session-fixation vulnerability. 3. A security-bypass vulnerability. 4. A directory-traversal vulnerability. An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible. XLWeb 500 XLWebExe-1-02-08 and prior
VAR-201702-0693 CVE-2017-5141 Honeywell XL Web II controller XL1000C500 and XLWeb 500 Vulnerable to a session fixation attack CVSS V2: 6.5
CVSS V3: 6.0
Severity: MEDIUM
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). 1. Multiple information-disclosure vulnerabilities. 2. A session-fixation vulnerability. 3. A security-bypass vulnerability. 4. A directory-traversal vulnerability. An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible. XLWeb 500 XLWebExe-1-02-08 and prior
VAR-201702-0695 CVE-2017-5143 Honeywell XL Web II Controller Directory Traversal Vulnerability CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An unauthenticated user can perform a directory traversal attack by accessing a specific URL. 1. Multiple information-disclosure vulnerabilities. 2. A session-fixation vulnerability. 3. A security-bypass vulnerability. 4. A directory-traversal vulnerability. An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible. XLWeb 500 XLWebExe-1-02-08 and prior
VAR-201702-0415 CVE-2016-1566 Guacamole File browser cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. Guacamole is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Guacamole 0.9.8 and 0.9.9 are vulnerable
VAR-201702-0799 CVE-2017-3810 Cisco Prime Service Catalog web framework URL redirect attack vulnerability against users logged in to the system CVSS V2: 4.9
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula. A vulnerability exists that allows a URL redirect attack to be performed. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvb21745. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. Web framework is one of the web frameworks. A security vulnerability exists in the web framework in Cisco PSC. Attackers can use this vulnerability to redirect users to malicious websites, implement phishing attacks, and obtain confidential information.
VAR-201703-0202 CVE-2016-8233 Lenovo XClarity Administrator Vulnerabilities in which user credentials are viewed in log files generated by CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. An information disclosure vulnerability exists in versions prior to Lenovo LXCA 1.2.2