VARIoT IoT vulnerabilities database

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. (DoS) It may be put into a state. Barracuda Web Application Firewall is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the appliance. This may aid in further attacks. Barracuda Web Application Firewall 7.8.1.013 is vulnerable; other versions may also be affected. A code issue vulnerability exists in version 7.8.1.013 of Barracuda Networks Barracuda WAF

Hikvision video network monitoring system iVMS-8100 is a set of video network monitoring platform software used in the financial industry. The Hikvision video network monitoring system ivms-8100 has a struts2 remote command execution vulnerability, allowing an attacker to use the vulnerability to obtain system administrator system permissions, send remote instructions to the server system, and check, add, and Delete, modify, etc.

The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. SubSTATION Server is a versatile software for intelligent substation intelligence and IT networks for data aggregation, protocol translation, automation logic and more. A security vulnerability exists in the SubSTATION Server protocol. An attacker can trigger a buffer overflow by sending a specially crafted RTU message to the Telegyr 8979 master, causing a denial of service attack. SubSTATION Server is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl NaJSaZq4W6qIMwD8fhQF5Ls= =R/mF -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Subversion. Software Description: - subversion: Advanced version control system Details: Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-3528) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1 Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201610-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Background ========== Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories. The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Subversion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4" All Serf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7" References ========== [ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201610-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2"

There are several vulnerabilities in the D-Link AP 3200: 1. D-Link AP 3200 is a wireless access device from D-Link. D-Link AP 3200 has a security bypass and information disclosure vulnerability. Attackers can use these vulnerabilities to bypass security restrictions or gain access to sensitive information to perform unauthorized operations in user sessions. D-Link DWL-3200AP is prone to the following security vulnerabilities: 1. A security-bypass vulnerability 2. Other attacks are also possible

The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. SAP NetWeaver Business Warehouse is prone to an unauthorized-access vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-026: Missing authorization check in function modules of BW-SYS-DB-DB4 This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote authenticated attacker would be able to perform activities for which he is not authorized. Risk Level: Low 2. Advisory Information - - Public Release Date: 2014-07-29 - - Subscriber Notification Date: 2014-07-29 - - Last Revised: 2014-07-25 - - Security Advisory ID: ONAPSIS-2014-026 - - Onapsis SVS ID: ONAPSIS-00114 - - Researcher: Nahuel D. S\xe1nchez - - Initial Base CVSS v2: 3.5 (AV:N/AC:M/AU:S/C:P/I:N/A:N) 3. (Check SAP Note 1974016 for detailed information on affected releases) - - Vulnerability Class: Improper Access Control (CWE-284) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: Yes - - Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-026 4. Affected Components Description SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information. 5. Vulnerability Details A remote authenticated attacker could execute the vulnerable RFC functions in function group BW-SYS-DB-DB4. Technical details about this issue are not disclosed at this moment with the purpose of providing enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability. 6. Solution SAP has released SAP Note 1974016 which provides patched versions of the affected components. The patches can be downloaded from https://service.sap.com/sap/support/notes/1974016 Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks. 7. Report Timeline 2014-01-20: Onapsis provides vulnerability information to SAP AG. 2014-04-08: SAP releases security patches. 2014-07-29: Onapsis notifies availability of security advisory. About Onapsis, Inc. Onapsis provides innovative security software solutions to protect ERP systems from cyber-attacks. Through unmatched ERP security, compliance and continuous monitoring products, Onapsis secures the business-critical infrastructure of its global customers against espionage, sabotage and financial fraud threats. Onapsis X1, the company's flagship product, is the industry's first comprehensive solution for the automated security assessment of SAP platforms. Being the first and only SAP-certified solution of its kind, Onapsis X1 allows customers to perform automated Vulnerability Assessments, Security & Compliance Audits and Penetration Tests over their entire SAP platform. Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and New York Times. For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlPXtbgACgkQz3i6WNVBcDWN+wCcDSS2XQZ9ekEahFTHMRuvsxNk VwYAoN3qbuKsw2fS6yVjKc5KZ4qzhoW7 =MqQo -----END PGP SIGNATURE-----

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. SAP HANA is a combination of software and hardware that provides high-performance data query functions. Users can directly query and analyze large amounts of real-time business data without modeling and aggregating business data. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Risk Level: Medium 2. Advisory Information - - Public Release Date: 2014-07-29 - - Subscriber Notification Date: 2014-07-29 - - Last Revised: 2014-07-25 - - Security Advisory ID: ONAPSIS-2014-025 - - Onapsis SVS ID: ONAPSIS-00128/129/130 - - Researcher: Will Vandevanter - - Initial Base CVSS v2: 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) 3. Vulnerability Information - - Vendor: SAP - - Affected Components: - SAP HANA (Check SAP Note 1993349 for detailed information on affected releases) - - Vulnerability Class: Improper Neutralization of Input During Web Page Generation - Reflected Cross Site Scripting (CWE-9) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: No - - Detection Module available in Onapsis X1: Yes - - Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025 4. 5. Reflected cross-site scripting can be used to steal another user's authentication information, such as data relating to their current session. An attacker who gains access to this data may use it to impersonate the user and access all information with the same rights as the target user. If an administrator is impersonated, the security of the application may be fully compromised. Technical details about this issue are not disclosed at this moment with the purpose of providing enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability. 6. Solution SAP has released SAP Note 1993349 which provides patched versions of the affected components. The patches can be downloaded from https://service.sap.com/sap/support/notes/1993349. Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks. 7. Report Timeline 2014-03-05: Onapsis provides vulnerability information to SAP AG. 2014-03-06: SAP confirms having the information of vulnerability. 2014-04-08: SAP releases security patches. 2014-07-29: Onapsis notifies availability of security advisory. About Onapsis, Inc. Onapsis provides innovative security software solutions to protect ERP systems from cyber-attacks. Through unmatched ERP security, compliance and continuous monitoring products, Onapsis secures the business-critical infrastructure of its global customers against espionage, sabotage and financial fraud threats. Onapsis X1, the company's flagship product, is the industry's first comprehensive solution for the automated security assessment of SAP platforms. Being the first and only SAP-certified solution of its kind, Onapsis X1 allows customers to perform automated Vulnerability Assessments, Security & Compliance Audits and Penetration Tests over their entire SAP platform. Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and New York Times. For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlPXtbEACgkQz3i6WNVBcDUm6ACgx0Q/LGvyZZI3o4zgdO9jISby r8oAnj4cEwjlkzycvD4il3z0e/JujVH2 =aEdj -----END PGP SIGNATURE-----

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. Innominate mGuard is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. Innominate mGuard is a series of products including network security equipment such as firewall and VPN from German Innominate Company

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. SAP Solution Manager is a system management platform that integrates system monitoring, SAP support desktop, self-service, and ASAP implementation. Attackers exploit vulnerabilities to bypass certain security restrictions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAP_JTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences. 1. Impact on Business By exploiting this vulnerability a remote unauthenticated attacker would be able to access restricted functionality and information. Risk Level: Medium 2. Advisory Information - - Public Release Date: 2014-07-29 - - Subscriber Notification Date: 2014-07-29 - - Last Revised: 2014-07-25 - - Security Advisory ID: ONAPSIS-2012-023 - - Onapsis SVS ID: ONAPSIS-00061 - - Researcher: Nahuel D. S\xe1nchez - - Initial Base CVSS v2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 3. Vulnerability Information - - Vendor: SAP - - Affected Components: - SAP Solution Manager 7.1 (Check SAP Note 1778940 for detailed information on affected releases) - - Vulnerability Class: Authentication Bypass (CWE-302) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: No - - Detection Module available in Onapsis X1: Yes - - Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-023 4. Affected Components Description The License Measurement Servlet allows system administrators to review System's license usage and perform system tests. 5. Technical details about this issue are not disclosed at this moment with the purpose of providing enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability. 6. Solution SAP has released SAP Note 1778940 which provides patched versions of the affected components. The patches can be downloaded from https://service.sap.com/sap/support/notes/1778940 . Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks. 7. Report Timeline 2012-07-30: Onapsis provides vulnerability information to SAP AG. 2014-04-08: SAP releases security patches. 2014-07-29: Onapsis notifies availability of security advisory. About Onapsis, Inc. Onapsis provides innovative security software solutions to protect ERP systems from cyber-attacks. Through unmatched ERP security, compliance and continuous monitoring products, Onapsis secures the business-critical infrastructure of its global customers against espionage, sabotage and financial fraud threats. Onapsis X1, the company's flagship product, is the industry's first comprehensive solution for the automated security assessment of SAP platforms. Being the first and only SAP-certified solution of its kind, Onapsis X1 allows customers to perform automated Vulnerability Assessments, Security & Compliance Audits and Penetration Tests over their entire SAP platform. Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and New York Times. For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlPXtaIACgkQz3i6WNVBcDXjLwCggwu7sLoMy8KuSuZVAnlSR/7j DrUAoNp3hUvPzYg8+zQ0vRpnGtjTEHeR =vdlU -----END PGP SIGNATURE-----

Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. Silver Peak VX is a virtual WAN optimization solution. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum86620. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. Attackers can exploit this issue to cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03993467 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03993467 Version: 1 HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). References: CVE-2013-4840 (SSRT101341) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlPSvrQACgkQ4B86/C0qfVkZDACeKwOBFv2gsebln3WHlNhYV4QK pKYAoJrFJIwsRxrPIN4DQCn4D3cTsYyW =zq6e -----END PGP SIGNATURE-----

Parallels Tools is a set of virtual machine tools of Parallels Corporation in the United States. A local elevation of privilege vulnerability exists in Parallels Tools. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application with local access. Vulnerabilities exist in Parallels Tools version 9.0, other versions may also be affected

Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. Silver Peak VX is a virtual WAN optimization solution

Sagem F@st 3304-v1 is an ADSL device. Sagem Fast 3304-V1 is a router product of French company Sagem. A denial of service vulnerability exists in Sagem Fast 3304-V1. An attacker could use this vulnerability to cause the affected device to restart or reset and deny legitimate users

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. Vendors have confirmed this vulnerability Bug ID CSCuj81708 It is released as.Skillfully crafted by a third party URL You may get important information through. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. This issue is being tracked by Cisco bug ID CSCuj81708. There is a security vulnerability in the user.php script of CWMS 1.5 (.1.131) and earlier versions

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81713

The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. An attacker can leverage this issue to obtain sensitive information like valid user accounts, that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81722. There is a security hole in the OutlookAction Class of CWMS, which is caused by the program not filtering the return message correctly

The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. Cisco WebEx Meetings Server (CWMS) of ProfileAction A vulnerability exists in the controller that can retrieve important information. Vendors have confirmed this vulnerability Bug ID CSCuj81700 It is released as.If a third party reads the stack trace of the reply message, important information may be obtained. Cisco WebEx Meetings Server is a Cisco Conference Center implementation from Cisco. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81700