VARIoT IoT vulnerabilities database

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. This may aid in further attacks

Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. LANTIME M-Series servers are prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. LANTIME M-Series 6.15.019 and prior are vulnerable. Meinberg Radio Clocks LANTIME M-Series Servers is an NTP server (computer time synchronization) product of the LANTIME M series of Meinberg Radio Clocks in Germany

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. (DoS) There is a possibility of being put into a state. HP FutureSmart LaserJet Printers are laser printer devices from Hewlett Packard. An attacker could exploit this vulnerability for a denial of service attack. Exploiting this issue allows remote attackers to gain unauthorized access and trigger denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04483249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04483249 Version: 1 HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: CVE-2014-7875 SSRT101766 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-7875 (AV:N/AC:L/Au:N/C:P/I:P/A:C) 9.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps: Select "Drivers & Software". - Enter the appropriate product name listed in the table below into the search field. - Click on "Search". - Click on the appropriate product. - Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. - Select the appropriate firmware update under "Firmware". Product Name Model Number Firmware Revision HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v.53.236.2 or a more recent version HISTORY Version:1 (rev.1) - 30 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlRSbX8ACgkQ4B86/C0qfVkesACg1VzlkbeG5YbyfurS9Iv+EImB vSoAn3rU58PQ7zdH5mChpMRO5LkdNy8T =qSxc -----END PGP SIGNATURE-----

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCup88089. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq90589. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the fact that the program does not correctly verify the parameters passed by the HTTP GET and POST methods. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. Vendors have confirmed this vulnerability Bug ID CSCup92550 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCup92550. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the fact that the program does not properly verify the parameters passed by the HTTP GET and POST methods. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq90582. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the fact that the program does not correctly verify the parameters passed by the HTTP GET and POST methods. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq90597. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. Nordex Control 2 is a fan control system. Nordex Control 2 (NC2) A cross-site scripting vulnerability exists in versions prior to SCADA 16. Because the program failed to properly filter the 'username' parameter, remote attackers exploited the vulnerability to build malicious URIs, enticing users to parse, get sensitive cookies, hijack sessions or Malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Nordex NC2 (also known as Nordex Control 2) is a set of SCADA (Data Acquisition and Supervisory Control) system used in the wind power industry by Nordex, Germany. Wind Farm Portal is a wind farm control portal based on this system

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Accuenergy Acuvim II is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information.This may lead to further attacks. AXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Accuenergy Acuvim II for AXN-NET Ethernet Run on module accessories Web server Contains a vulnerability that prevents authentication and changes its settings.Unspecified by a third party URL Authentication may be bypassed and settings may be changed via direct requests to. Accuenergy Acuvim II is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. AXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This solution is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. The Konke Smart Plug is a smart home product. The Konke Smart Plug has a remote authentication bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions and obtain sensitive information. Successful exploits may lead to other attacks

Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB is a leader in power and automation technology. ABB is committed to providing efficient and reliable solutions for a wide range of industries in terms of energy efficiency, industrial productivity and grid stability. A local code execution vulnerability exists in multiple ABB products that can be exploited by local attackers to execute arbitrary code. RobotStudio is a set of robot offline programming and simulation software

FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. FortiADC-E is an application delivery controller developed by the company. FortiADC-E has security vulnerabilities that allow non-privileged users to inject messages into the FortiADC-E-configured network or with hosts configured on the FortiADC-E network. FortiADC-E is prone to an unauthorized-access vulnerability. Successful exploits will allow attackers to gain unauthorized access to network resources, which may aid in further attacks. Fortinet FortiADC-E and Coyote Point Equalizer are both Fortinet's application delivery controllers, which can optimize network availability, user experience, mobile performance and cloud-based enterprise application control, and enhance server efficiency and reduce Data center network complexity and cost

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit. In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner. This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version. This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x). Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html -- Regards, David Longenecker @dnlongen

Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. The Cisco ASR 901 Series Routers are router devices issued by Cisco. A denial of service vulnerability exists in the Cisco ASR 901 Series Routers that could allow an attacker to reload an affected device and deny service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuo29736

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. tnftp is prone to a remote arbitrary command-execution. An attacker can exploit this issue to execute arbitrary commands in the context of the affected application. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation. The following versions are affected: NetBSD 5.1 to 5.1.4, 5.2 to 5.2.2, 6.0 to 6.0.6, 6.1 to 6.1.5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: tnftp: Arbitrary code execution Date: November 15, 2016 Bugs: #527302 ID: 201611-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== tnftp is vulnerable to remote code execution if output file is not specified. Resolution ========== All tnftp users should upgrade to the latest version: <code> # emerge --sync # emerge --ask --verbose --oneshot ">=net-ftp/tnftp-20141104" References ========== [ 1 ] CVE-2014-8517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8517 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:26.ftp Security Advisory The FreeBSD Project Topic: Remote command execution in ftp(1) Category: core Module: ftp Announced: 2014-11-04 Credits: Jared McNeill, Alistair Crooks Affects: All supported versions of FreeBSD. Corrected: 2014-11-04 23:29:57 UTC (stable/10, 10.1-PRERELEASE) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC4-p1) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC3-p1) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC2-p3) 2014-11-04 23:31:17 UTC (releng/10.0, 10.0-RELEASE-p12) 2014-11-04 23:30:47 UTC (stable/9, 9.3-STABLE) 2014-11-04 23:33:46 UTC (releng/9.3, 9.3-RELEASE-p5) 2014-11-04 23:33:17 UTC (releng/9.2, 9.2-RELEASE-p15) 2014-11-04 23:32:45 UTC (releng/9.1, 9.1-RELEASE-p22) 2014-11-04 23:30:23 UTC (stable/8, 8.4-STABLE) 2014-11-04 23:32:15 UTC (releng/8.4, 8.4-RELEASE-p19) CVE Name: CVE-2014-8517 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background The ftp(1) userland utility is an interactive FTP client. It can also be used non-interactively, by providing a URL on the command line. In this mode, it supports HTTP in addition to FTP. II. III. Impact When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified. IV. Workaround No workaround is available. Users are encouraged to replace ftp(1) in non-interactive use by either fetch(1) or a third-party client such as curl or wget. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8] # fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch # fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch.asc # gpg --verify ftp-8.patch.asc [All other versions] # fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch # fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch.asc # gpg --verify ftp.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile ftp. Execute the following commands as root: # cd /usr/src/usr.bin/ftp # make && make install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r274108 releng/8.4/ r274111 stable/9/ r274109 releng/9.1/ r274112 releng/9.2/ r274113 releng/9.3/ r274114 stable/10/ r274107 releng/10.0/ r274110 releng/10.1/ r274115 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517> The latest revision of this advisory is available at <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:26.ftpd.asc> -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUWWUQAAoJEO1n7NZdz2rnhUwP+wQKrgKs6lRk6Yl4UtRyEwyG BHGkA62oaQbehuccahjQgIcLTk3Vp3AalXtSQpdyWJktHiYrFwBnheW/IrhJ6bMS dpJv3yqqQtSED9sADf+GAvxV6TG9bknq/RDxXKpsQ/MocYbiVxz/3nDOMz9CB7ep saDttvGHW7RUmNoKL70pgItGapiVuBzMF01PCZ2SmFiJHYi7BoiJwm72Y1NLU8YE TkiX2ZAoTVMN5/R3DW38HyVCyeY2tMTHSdQXRSYjwzJ0gEbBPWMPQyB1SAa8dtk5 j54KFNOBoaXMjd3USqFgo0fduU3rGZp5PwITTx5Rx5Ixtz2vHddyOISV0RcjA0cq TWDwBGlKET7qZ1j7nHTgy4U4wMTWFbkjjqEY+RHYywaAmy8ACDmEUci8d3fWKWVY d4y8RCvBrlnFVjmNiNcBc5XFXxY0Ra3BQ8C/VE0k0ZFuzmFUCi+DJZDR2Gtl0R9Q 1hAdj+yOJo46ylHPiSyoBZmsRZccV1a81phOPe0mPR84BvzNvBsdI+EFIJWi+5bw bjuSM8YCOHrlGkqh9h9+BizvLfJFpjUSglwzPmOfRpTv59XJpc6D1Hia+uICTEfd lSiJgDZ6enozY7QVoiO7G/ycyQCVe7Ehwywx/dpWXVpva85tn4Xl2khBCiPNbBBo xnPjqxmwGK+4uegsO6CY =QT3h -----END PGP SIGNATURE-----