VARIoT IoT vulnerabilities database

Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-220: Sensitive Data Under FTP Root (FTP Root Important data under ) Has been identified. http://cwe.mitre.org/data/definitions/220.htmlBy a third party RETR Important information may be obtained through commands. Successful exploits will allow attackers to gain unauthorized access to sensitive areas of the file system, which may aid in further attacks

QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. QNAP Systems QNAP TS-469U Turbo NAS is a NAS storage server from QNAP Systems. An insecure file permission vulnerability exists in QNAP Systems QNAP TS-469U Turbo NAS. A local attacker could use this vulnerability to gain permissions to a globally readable file and extract sensitive information from it. There are security vulnerabilities in QNAP TS-469U Turbo NAS running 4.0.7 Build 20140410 firmware, other versions may also be affected. Information obtained may aid in other attacks. read permission

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuj83344

Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks. This issue is being tracked by Cisco Bug ID CSCup57676. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

The Samsung Galaxy phone is a mobile phone developed by Samsung. The factory reset feature of the Samsung Galaxy 1 and 2 phones is vulnerable, allowing attackers to use the vulnerability to reset the factory settings and collect sensitive information such as user images and application data.

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party. There is an undisclosed admin user account and admin password in the system. This vulnerability can be exploited by attackers to bypass the authentication mechanism and obtain Authorized access. This may aid in further attacks

Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 prior to 11.4R11, 12.1X44 prior to 12.1X44-D34, 12.1X45 prior to 12.1X45-D25, 12.1X46 prior to 12.1X46-D20, 12.1X47-D10 prior 12.1X47 version

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet. Juniper Junos is prone to a remote denial-of-service vulnerability. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 prior to 11.4R12, 12.1 prior to 12.1R10, 12.1X44 prior to 12.1X44-D35, 12.1X45 prior to 12.1X45-D25, 12.1X46 prior to 12.1X46-D20 , 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, 14.1R1 Version 14.1

Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Juniper Networks Junos on SRX Series devices is a set of network operating systems of Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Juniper Junos 12.1X46 prior to 12.1X46-D20 and 12.1X47 prior to 12.1X47-D10 on SRX Series devices

Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Note: This issue affects on SRX series devices. Juniper Networks Junos on SRX Series devices is a set of network operating systems of Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 prior to 11.4R12, 12.1X44 prior to 12.1X44-D32, 12.1X45 prior to 12.1X45-D25, 12.1X46 prior to 12.1X46-D20, 12.1X47-D10 prior 12.1X47 version

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors. Schrack Emergency Lights System is a set of emergency lighting system of Austria Schrack company. The system includes self-contained emergency luminaires, low power systems (LPS), and more. Schrack Emergency Lights System versions prior to 1.7.0 (937) have the following security vulnerabilities: 1. Insecure default password vulnerability 2. Authentication bypass vulnerability 3. HTML injection vulnerability 4. Information disclosure vulnerability. Attackers can use these vulnerabilities to bypass authentication mechanisms, perform unauthorized operations, obtain sensitive information, and execute arbitrary script code in the context of affected browsers. Steal cookie-based authentication. Multiple HTML-injection vulnerabilities 4. Schrack Technik microControl is a distributed power supply system (low power consumption system) of Schrack Technik Company in Austria. A remote attacker could exploit this vulnerability to gain access

Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. An attacker can exploit this issue to cause the affected device to crash, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCui45606

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. Vendors have confirmed this vulnerability Bug ID CSCup62442 and CSCup58463 It is released as.A third party may be able to read any file via a modified request. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. A remote attacker can read arbitrary files with a modified request. Cisco WebEx Meetings Client is prone to an arbitrary-file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. This issue is being tracked by Cisco bug IDs CSCup62442 and CSCup58463

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. This vulnerability Bug ID CSCup62463 and CSCup58467 It is released as.A third party could execute arbitrary code through crafted data. Allow remote attackers to exploit exploits to execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. This issue is being tracked by Cisco bug IDs CSCup62463 and CSCup58467

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt. Schrack Emergency Lights System is a set of emergency lighting system of Austria Schrack company. The system includes self-contained emergency luminaires, low power systems (LPS), and more. Schrack Emergency Lights System versions prior to 1.7.0 (937) have the following security vulnerabilities: 1. Insecure default password vulnerability 2. Authentication bypass vulnerability 3. HTML injection vulnerability 4. Information disclosure vulnerability. Attackers can use these vulnerabilities to bypass authentication mechanisms, perform unauthorized operations, obtain sensitive information, and execute arbitrary script code in the context of affected browsers. Steal cookie-based authentication. Multiple HTML-injection vulnerabilities 4. Schrack Technik microControl is a distributed power supply system (low power consumption system) of Schrack Technik Company in Austria

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: 1. A privilege-escalation vulnerability 2. Multiple SQL-injection vulnerabilities Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Dell SonicWALL Scrutinizer is prone to multiple security vulnerabilities, including: 1. A privilege-escalation vulnerability 2. Multiple SQL-injection vulnerabilities Attackers can exploit these issues to perform certain actions with elevated privileges, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Dell SonicWALL Scrutinizer is a set of multi-vendor application communication analysis visualization and reporting tools developed by Dell. The tool provides features such as deep packet analysis, vibration/latency monitoring, and historical and proactive reporting

Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. Fortinet Fortiweb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet Fortiweb 5.0.x, 5.1.x and 5.2.0 are vulnerable. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content. A cross-site scripting vulnerability exists in the user/ldap_user/check_dlg and user/radius_user/check_dlg URIs of Fortinet FortiGuard FortiWeb 5.0.x to 5.2.0

Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. Infoblox Network Automation is a network automation product. Infoblox Network Automation has a weak password with a username/password of root/root. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to a local security-bypass vulnerability. Local attackers may exploit this issue to bypass certain security restrictions and perform unauthorized actions

config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is "root" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability