VARIoT IoT vulnerabilities database

VAR-201601-0503 CVE-2016-0002 Arbitrary code execution vulnerability in the VBScript and JScript engines used in Microsoft Internet Explorer 8 through 11 and other products
CVSS V2: 7.6
CVSS V3: 7.5
Severity: HIGH
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." An attacker could use this vulnerability to read e-mail messages. The Samsung SM-G920F (Galaxy S6) is a Samsung smartphone from South Korea. SecEmailSync is one of the mail sync plugins. A SQL injection vulnerability exists in the SecEmailSync plugin in the Samsung SM-G920F build G920FXXU2COH2 release. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. Samsung SecEmailSync is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Microsoft VBScript is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions. Microsoft Internet Explorer (IE) is a web browser developed by Microsoft Corporation in the United States, and it is the default browser included with the Windows operating system. Microsoft VBScript (full name Visual Basic Script) is a scripting language and the default programming language for ASP dynamic web pages. JScript is an interpreted object-based scripting language.
VAR-201601-0158 CVE-2015-8675 Vulnerability in Huawei S5300 series switch software that allows sensitive password information to be obtained
CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. Huawei Ethernet Switch is an Ethernet switch product from Huawei of China. A security vulnerability exists in Huawei Ethernet Switch, which allows an attacker to submit a special request for sensitive information. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. There is a security vulnerability in the Huawei S5300 using software versions earlier than V200R005SPH008. The vulnerability stems from the fact that the program does not hide passwords when uploading files.
VAR-201601-0417 CVE-2015-8279 Samsung SRN-1670D camera contains multiple vulnerabilities
CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. The Samsung SRN-1670D camera contains multiple vulnerabilities. Samsung SRN-1670D is a network video recorder product from Samsung. An arbitrary file-read vulnerability 2. An information-disclosure vulnerability 3
VAR-201601-0418 CVE-2015-8280 Samsung SRN-1670D camera contains multiple vulnerabilities
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. The Samsung SRN-1670D camera contains multiple vulnerabilities. Samsung SRN-1670D is a network video recorder product. The Samsung SRN-1670D has a security vulnerability that allows remote attackers to obtain certificate information by sending a specially crafted request. An arbitrary file-read vulnerability 2. An information-disclosure vulnerability 3. A security weakness. Successful exploits can allow attackers to read arbitrary files or perform certain unauthorized actions and gain access to potentially sensitive information.
VAR-201601-0604 CVE-2016-0943 Vulnerability in Adobe Reader and Acrobat running on Windows and Mac OS X that bypasses JavaScript API execution restrictions
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Global object. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the JavaScript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code. Adobe Reader and Acrobat are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in several Adobe products due to the program's improper handling of Global objects.
VAR-201601-0603 CVE-2016-0942 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0602 CVE-2016-0941 Arbitrary code execution vulnerability in the Search object implementation of Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0940. Supplementary information: the CWE vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory). http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Search object. By calling the query method while Adobe Acrobat Reader DC is saving a global variable, an attacker can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in the Search object implementation of several Adobe products.
VAR-201601-0601 CVE-2016-0940 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0941. Supplementary information: the CWE vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory). http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in several Adobe products.
VAR-201601-0600 CVE-2016-0939 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. By providing a malformed PDF file, an attacker can cause uninitialized memory to be dereferenced. An attacker could leverage this to execute arbitrary code under the context of the process. Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products. 13 and earlier versions
VAR-201601-0599 CVE-2016-0938 Arbitrary code execution vulnerability in the AcroForm plug-in of Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. An attacker could execute arbitrary code or cause a denial of service (memory corruption). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AcroForm plugin. A specially crafted PDF file can force Adobe Reader DC to read memory past the end of an allocated object. Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in the AcroForm plug-in for several Adobe products.
VAR-201601-0598 CVE-2016-0937 Arbitrary code execution vulnerability in the OCG object implementation of Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941. Supplementary information: the CWE vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory). http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. A specially crafted PDF with a specific OCG action can force a dangling pointer to be reused after it has been freed. Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A use-after-free vulnerability exists in the OCG object implementation of several Adobe products.
VAR-201601-0597 CVE-2016-0936 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG 2000 data, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDFs that contain embedded JPEG2000 files. The issue lies in the failure to ensure that indexes are within the bounds of an allocated buffer. An attacker could leverage this vulnerability to execute code under the context of the current process. Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0596 CVE-2016-0935 Double free vulnerability in Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted ExtGState dictionary. Supplementary information: the CWE vulnerability type has been identified as CWE-415: Double Free (double release). http://cwe.mitre.org/data/definitions/415.html An attacker could execute arbitrary code via a crafted ExtGState dictionary. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the ExtGState dictionary within PDFs. The issue lies in the processing of malformed dictionaries leading to a double free. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF.
VAR-201601-0595 CVE-2016-0934 Arbitrary code execution vulnerability in AGM.dll of Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2016-0932, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941. Supplementary information: the CWE vulnerability type has been identified as CWE-416: Use-after-free (using freed memory). http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code via a multiple-layer PDF document. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AGM.dll. A specially crafted PDF with multiple layers can force a dangling pointer to be reused after it has been freed. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. A use-after-free vulnerability exists in the AGM.dll file of several Adobe products.
VAR-201601-0594 CVE-2016-0933 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0593 CVE-2016-0947 Vulnerability that allows gaining privileges in Adobe Download Manager used in Adobe Reader and Acrobat running on Windows and Mac OS X
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory. Supplementary information: the CWE vulnerability type has been identified as CWE-426: Untrusted Search Path (unreliable search path). http://cwe.mitre.org/data/definitions/426.html A local user could gain privileges through a crafted resource in an unspecified directory. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader, etc. are all products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Adobe Download Manager is a set of tools that supports automatic downloading of installation programs from Adobe servers. This tool can help control the download process of Adobe Reader, Adobe Acrobat, trial software and other Adobe files, such as downloading without restarting from the beginning if the download is interrupted.
VAR-201601-0592 CVE-2016-0946 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0591 CVE-2016-0945 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0946. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0590 CVE-2016-0944 Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Adobe Acrobat and Reader are prone to multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products.
VAR-201601-0533 CVE-2016-1909 Vulnerability that allows management access to be gained in products such as FortiAnalyzer
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. FortiGate running FortiOS is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. FortiOS 4.3.0 through 4.3.16, and 5.0.0 through 5.0.7 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet FortiOS 4.x versions prior to 4.3.17 and 5.0.x versions prior to 5.0.8 have a security vulnerability. The vulnerability stems from the use of hard-coded passwords for the Fortimanager_Access account