VARIoT IoT vulnerabilities database
| VAR-201410-0057 | CVE-2014-3396 | Cisco IOS XR on multiple ASR 9000 devices: Typhoon line-card ACL bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. The vendor has confirmed this vulnerability and released it as Bug ID CSCup30133. A third party may be able to bypass Typhoon line-card ACL restrictions via transit traffic. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family.
An attacker can exploit this issue to bypass the access list and perform unauthorized actions.
This issue is being tracked by Cisco Bug ID CSCup30133. The vulnerability is caused by the incorrect compression of port-range and address-range encoding. A remote attacker can exploit this vulnerability to bypass the established Typhoon line-card ACL restrictions by means of transit traffic.
| VAR-201410-0059 | CVE-2014-3398 | Cisco Adaptive Security Appliance Software SSL VPN implementation software-version information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCuq65542
| VAR-201410-0061 | CVE-2014-3400 | Cisco WebEx Meetings Server sensitive information disclosure vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug IDs CSCuq36417 and CSCuq40344. There is a security vulnerability in CWMS that stems from the inclusion of sensitive data in the logs.
| VAR-201410-1356 | CVE-2014-7277 | ZyXEL SBG-3300 Security Gateway Firmware login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable
| VAR-201410-1357 | CVE-2014-7278 | ZyXEL SBG-3300 Security Gateway firmware login page denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. The firmware login page of the ZyXEL SBG-3300 Security Gateway contains a vulnerability that can put it into a denial-of-service state (persistent web-interface outage). The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.
Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable
| VAR-201410-0377 | CVE-2014-4870 | Brocade Vyatta 5400 vRouter contains multiple vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed.
1. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability
An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of network function virtualization (NFV) solutions from Brocade Corporation. The vulnerability is caused by the program not validating the parameters correctly. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7.
| VAR-201410-0376 | CVE-2014-4869 | Brocade Vyatta 5400 vRouter contains multiple vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. The Brocade Vyatta 5400 vRouter contains a vulnerability that allows sensitive encrypted-password information to be obtained. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed.
1. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability
An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of network function virtualization (NFV) solutions from Brocade Corporation. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7.
| VAR-201410-0925 | CVE-2014-6434 | GoPro HERO 3+ gpExec arbitrary command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "restart". Successful exploitation will allow an attacker to execute arbitrary commands on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201410-0924 | CVE-2014-6433 | GoPro HERO 3+ gpExec arbitrary file execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "start". Successful exploitation will allow an attacker to execute an arbitrary file on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201410-1095 | CVE-2014-7861 | Apple OS X IOHIDSecurePromptClient function arbitrary code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of calls to IOHIDSecurePromptClient. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. An attacker can leverage this vulnerability to crash an instance of OS X. Apple Mac OS X is a set of dedicated operating systems developed by Apple Inc. of the United States for Mac computers. A remote attacker could use this vulnerability to crash an application and deny legitimate users
| VAR-201410-1157 | CVE-2014-5410 | Rockwell Micrologix 1400 DNP3 Denial of service vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell Micrologix 1400 DNP3 is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users
| VAR-201410-1051 | CVE-2014-3059 | IBM WebSphere DataPower XC10 appliance Administrative Console administrator privilege acquisition vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications
| VAR-201410-1052 | CVE-2014-3060 | IBM WebSphere DataPower XC10 appliance administrator privilege acquisition vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications. The vulnerability stems from the program not setting the security attribute when creating a session cookie.
| VAR-201409-1260 | No CVE | Bangxun Wlan AC product access-permission bypass vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Bangxun Wlan AC is a wireless controller product produced by Bangxun Technology Co., Ltd. It is used to build large-scale wireless networks for basic telecommunications companies.
Testing found that multiple management pages of products running V2.0.9 and related versions have unauthorized-access vulnerabilities. Anonymous users can directly access information on the Wlan AC / AP, such as device information, AP information, and user information.
| VAR-201410-1134 | CVE-2014-0754 | Schneider Electric Modicon PLC Ethernet module SchneiderWEB directory traversal vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential.
Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by Schneider Electric of France. The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
| VAR-201410-0082 | CVE-2014-4809 | IBM Security Access Manager for Web WebSEAL component denial-of-service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. IBM Security Access Manager for Web is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause CPU utilization to rapidly increase, leading to a denial-of-service condition. It provides user access management and Web application protection function. WebSEAL is one of the Web server components that provides authentication
| VAR-201410-0399 | CVE-2014-4823 | IBM Security Access Manager for Web and Security Access Manager for Mobile system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
Remote attackers can exploit this issue to execute arbitrary shell commands within the context of the affected system. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. The management console in ISAM has a security hole
| VAR-201410-1114 | CVE-2014-6079 | IBM Security Access Manager for Web and Security Access Manager for Mobile cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. It provides user access management and Web application protection functions. The Local Management Interface in ISAM has a cross-site scripting vulnerability
| VAR-201409-0064 | CVE-2014-3395 | Cisco WebEx Meetings Server arbitrary file download vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution.
This issue is being tracked by Cisco bug ID CSCup10343. A security vulnerability exists in CWMS version 2.5 due to the program not properly validating user-supplied input
| VAR-201409-0056 | CVE-2013-3064 | Linksys EA6500 firmware ui/dynamic/unsecured.html open redirect vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. The Linksys EA6500 is a wireless router device.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible