VARIoT IoT vulnerabilities database

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following products are affected: Adobe Reader 11.x versions prior to 11.0.07 Adobe Reader 10.x versions prior to 10.1.10 Adobe Acrobat 11.x versions prior to 11.0.07 Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520. This vulnerability CVE-2014-0517 , CVE-2014-0518 ,and CVE-2014-0520 Is a different vulnerability.An attacker may be able to bypass access restrictions. This may aid in further attacks. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.20= 2.359" References ========== [ 1 ] CVE-2014-0510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510 [ 2 ] CVE-2014-0516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516 [ 3 ] CVE-2014-0517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517 [ 4 ] CVE-2014-0518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518 [ 5 ] CVE-2014-0519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519 [ 6 ] CVE-2014-0520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0496-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0496.html Issue date: 2014-05-14 CVE Names: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0516) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.359. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution 1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) 1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0510.html https://www.redhat.com/security/data/cve/CVE-2014-0516.html https://www.redhat.com/security/data/cve/CVE-2014-0517.html https://www.redhat.com/security/data/cve/CVE-2014-0518.html https://www.redhat.com/security/data/cve/CVE-2014-0519.html https://www.redhat.com/security/data/cve/CVE-2014-0520.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-14.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In Qm8sAIfnwqTa5TXOxeHxYWY= =F88V -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520. This vulnerability CVE-2014-0518 , CVE-2014-0519 ,and CVE-2014-0520 Is a different vulnerability.An attacker may be able to bypass access restrictions. This may aid in further attacks. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.20= 2.359" References ========== [ 1 ] CVE-2014-0510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510 [ 2 ] CVE-2014-0516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516 [ 3 ] CVE-2014-0517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517 [ 4 ] CVE-2014-0518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518 [ 5 ] CVE-2014-0519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519 [ 6 ] CVE-2014-0520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0496-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0496.html Issue date: 2014-05-14 CVE Names: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0516) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.359. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution 1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) 1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0510.html https://www.redhat.com/security/data/cve/CVE-2014-0516.html https://www.redhat.com/security/data/cve/CVE-2014-0517.html https://www.redhat.com/security/data/cve/CVE-2014-0518.html https://www.redhat.com/security/data/cve/CVE-2014-0519.html https://www.redhat.com/security/data/cve/CVE-2014-0520.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-14.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In Qm8sAIfnwqTa5TXOxeHxYWY= =F88V -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. An attacker can exploit this issue to bypass certain same-origin policy restrictions, which may aid in further attacks. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.20= 2.359" References ========== [ 1 ] CVE-2014-0510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510 [ 2 ] CVE-2014-0516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516 [ 3 ] CVE-2014-0517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517 [ 4 ] CVE-2014-0518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518 [ 5 ] CVE-2014-0519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519 [ 6 ] CVE-2014-0520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0496-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0496.html Issue date: 2014-05-14 CVE Names: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution 1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) 1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0510.html https://www.redhat.com/security/data/cve/CVE-2014-0516.html https://www.redhat.com/security/data/cve/CVE-2014-0517.html https://www.redhat.com/security/data/cve/CVE-2014-0518.html https://www.redhat.com/security/data/cve/CVE-2014-0519.html https://www.redhat.com/security/data/cve/CVE-2014-0520.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-14.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In Qm8sAIfnwqTa5TXOxeHxYWY= =F88V -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520. This vulnerability is CVE-2014-0517 , CVE-2014-0519 ,and CVE-2014-0520 This is a different vulnerability.An attacker could bypass access restrictions. This may aid in further attacks. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.20= 2.359" References ========== [ 1 ] CVE-2014-0510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510 [ 2 ] CVE-2014-0516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516 [ 3 ] CVE-2014-0517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517 [ 4 ] CVE-2014-0518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518 [ 5 ] CVE-2014-0519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519 [ 6 ] CVE-2014-0520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0496-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0496.html Issue date: 2014-05-14 CVE Names: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0516) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.359. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution 1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) 1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0510.html https://www.redhat.com/security/data/cve/CVE-2014-0516.html https://www.redhat.com/security/data/cve/CVE-2014-0517.html https://www.redhat.com/security/data/cve/CVE-2014-0518.html https://www.redhat.com/security/data/cve/CVE-2014-0519.html https://www.redhat.com/security/data/cve/CVE-2014-0520.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-14.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In Qm8sAIfnwqTa5TXOxeHxYWY= =F88V -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519. This vulnerability CVE-2014-0517 , CVE-2014-0518 ,and CVE-2014-0519 Is a different vulnerability.An attacker may be able to bypass access restrictions. This may aid in further attacks. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.20= 2.359" References ========== [ 1 ] CVE-2014-0510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510 [ 2 ] CVE-2014-0516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516 [ 3 ] CVE-2014-0517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517 [ 4 ] CVE-2014-0518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518 [ 5 ] CVE-2014-0519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519 [ 6 ] CVE-2014-0520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0496-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0496.html Issue date: 2014-05-14 CVE Names: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0516) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.359. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution 1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) 1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.359-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.359-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.359-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.359-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0510.html https://www.redhat.com/security/data/cve/CVE-2014-0516.html https://www.redhat.com/security/data/cve/CVE-2014-0517.html https://www.redhat.com/security/data/cve/CVE-2014-0518.html https://www.redhat.com/security/data/cve/CVE-2014-0519.html https://www.redhat.com/security/data/cve/CVE-2014-0520.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-14.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In Qm8sAIfnwqTa5TXOxeHxYWY= =F88V -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. Multiple IBM Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The vulnerability stems from the fact that the program stores plaintext IPMI certificates. An attacker can exploit this vulnerability to execute arbitrary IPMI commands and establish a remote control session of the blade

D-Link DWC-1000 'thispage' has a directory traversal vulnerability, because the input submitted to platform.cgi via the \"thispage\" POST parameter is not fully filtered before being used to read the file, allowing remote attackers to exploit the vulnerability through directory traversal and The NULL byte of the URL encoding reads the contents of any file in the system. D-Link DWC-1000 is an enterprise router product of D-Link. D-Link DWC-1000 4.2.0.6_WW and earlier versions have a directory traversal vulnerability. An attacker could use this vulnerability to gain access to arbitrary files. D-Link DWC-1000 is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet. plural YOKOGAWA Product extended test function package BKESimmgr.exe Contains a stack-based buffer overflow vulnerability.A third party may be able to execute arbitrary code via a crafted packet. The Yokogawa CENTUM CS3000 is a production control system. Yokogawa's multiple product simulator management process has a stack buffer overflow vulnerability due to the Yokogawa CENTUM CS3000 BKESimmgr.exe service failing to properly use memcpy to handle user-submitted special requests, allowing remote attackers to exploit vulnerabilities for buffer overflow attacks, making applications The context executes arbitrary code. Multiple Yokogawa products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Version 71.02 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.0 and earlier

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors. HP H-series Fibre Channel Switches is a Fibre Channel switch device. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04277407 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04277407 Version: 1 HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-05-09 Last Updated: 2014-05-09 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP H-series Fibre Channel Switches. This vulnerability could be exploited remotely to disclose information. References: CVE-2014-2603, SSRT101555 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Follow the steps below to obtain the firmware update. Download the updated firmware from the following HP website: Go to the HP Support Center home page at http://www.hp.com/go/hpsc In left navigation panel under DOWNLOAD OPTIONS , click Drivers, Software & Firmware Under All HP products, click Storage Under Storage, click Storage Networking. Under Storage Networking, click H-series Switches. Under H-series Switches, click H-series SAN Switches. Under H-series SAN Switches, click your switch product. Under your switch product, click your switch model from the list of impacted products Under operating system, click Cross operating system (BIOS, Firmware, Diagnostics, etc.) In the Description column of the table under Firmware, click Firmware for the HP H-series Fibre Channel Switches for version v8.0.14.08.00 or newer/ Click Download to obtain the firmware HISTORY Version:1 (rev.1) - 9 May 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlNtCfoACgkQ4B86/C0qfVnYygCdEi4Z+Ni/od5CAxa/+2TR0wTj mioAoJ7jTVn91GSnYF+Q1x76vWzzPfn6 =qBPv -----END PGP SIGNATURE-----

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to construct read and write paths which can lead to SQL injection. An attacker may be able to leverage this vulnerability to achieve remote code execution. CSWorks is a software architecture for building WEB-based HMI, SCADA and M2M industrial automation solutions. CSWorks is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database. CSWorks 2.5.5050.0 and prior are vulnerable

D-Link DIR-652 is a router product of D-Link. Many D-Link routers have the following security vulnerabilities: 1. Password leakage vulnerability 2. Cross-site scripting vulnerability 3. Information disclosure vulnerability. Attackers can use these vulnerabilities to execute HTML and arbitrary script code on the user's browser in the context of the affected device, steal cookie-based authentication, or gain access to sensitive information. The following models are affected: D-Link DIR-652, DIR-835, DIR-855L, DGL-5500, DHP-1565. Other attacks are also possible. The following five D-Link model routers suffer from several vulnerabilities including Clear Text Storage of Passwords, Cross Site Scripting and Sensitive Information Disclosure. DIR-652 D-Link Wireless N Gigabit Home Router DIR-835 D-Link Network DIR-835L Wireless N 750M Dual-band 802.11n 4Port Gigabit Router DIR-855L - D-Link Wireless N900 Dual Band Gigabit Router DGL-5500 D-Link AC1300 Gaming Router DHP-1565 D-Link Wireless N PowerLine Gigabit Router Affected firmware - FW 1.02b18/1.12b02 or older Access - Remote Complexity - Low Authentication - None Impact - Full loss of confidentiality ------------------------------------------------------------------------------------------------------------- Clear Text Password - CWE - CWE-316: Cleartext Storage of Sensitive Information Authentication can be bypassed to gain access to the file tools_admin.asp, which stores the devices admin password in plain text, by adding a "/" to the end of the URL. Proof of Concept for the DGL-5500, DIR-855L and the DIR-835: curl -s http://<IP>/tools_admin.asp/ |awk '/hidden/ && /admin_password_tmp/ && /value/ {print $5}' PoC for the DHP-1565 and DIR-652, the generic 'user' must be added. curl -s http://<IP>/tools_admin.asp/ -u user:|awk '/hidden/ && /admin_password_tmp/ && /value/ {print $5}' ------------------------------------------------------------------------------------------------------------- Cross Site Scripting - CWE - CWE-79: Improper Neutralization of User Input / Return For the file "apply.cgi" ("apply_sec.cgi" on the DGL-5500) the POST param "action" suffers from a XSS vulnerability due to improper neutralization of user input / return output. PoC for DIR-855L, DIR-835, DHP-1565 http://<IP>/apply.cgi POST graph_code=X&session_id=123456&login_n=user&login_name=8&action=%3Cbody%3E%3Chtml%3E%3Ch2%3E%3CEMBED%20src%3D%22%3Ctd%20dir%3D%22rtl%22class%3D%22skytext%22width%3D%2277%25%22%3E%3Cmarquee%20%20%20scrollAmount%3D5%20scrollDelay%3D10%20direction%3D%22right%22style%3D%22color%3Ared%3Bfont-weight%3Abold%3B%22%3ESquirrel%20Injection%22%3C%2fh2%3E%3C%2fmarquee%3E%20%3C%2fbody%3E%3C%2fhtml%3E%3C%2ftd%3E%3E&log_pass=&html_response_page=login_pic.asp&tmp_log_pass=&gcode_base64=MTg0MzU%3D HTTP/1.1 For the DGL-5500 http://<IP>/apply_sec.cgi POST graph_code=X&session_id=123456&login_n=user&login_name=8&action=%3Cbody%3E%3Chtml%3E%3Ch2%3E%3CEMBED%20src%3D%22%3Ctd%20dir%3D%22rtl%22class%3D%22skytext%22width%3D%2277%25%22%3E%3Cmarquee%20%20%20scrollAmount%3D5%20scrollDelay%3D10%20direction%3D%22right%22style%3D%22color%3Ared%3Bfont-weight%3Abold%3B%22%3ESquirrel%20Injection%22%3C%2fh2%3E%3C%2fmarquee%3E%20%3C%2fbody%3E%3C%2fhtml%3E%3C%2ftd%3E%3E&log_pass=&html_response_page=login_pic.asp&tmp_log_pass=&gcode_base64=MTg0MzU%3D HTTP/1.1 ------------------------------------------------------------------------------------------------------------- Sensitive Information Disclosure - CWE - CWE-200: Information Exposure The D-Link models DGL-5500, DIR-855L, DIR-835 suffer from a vulnerability which an unauthenticated person can gain access the sensitive files: http://<IP>:8080/hnap.cgi and /HNAP1/ via: curl -s curl -s http://<IP>:8080/HNAP1/ On the DIR-652 and DHP-1565, a user needs authentication first to gain access to these files. But more importantly, an unauthenticated user can browse directly to http://<IP>/cgi/ssi/ which will offer a download of the device's ELF MBS MIPS file. The file contains most of the devices internal working structure and sensitive information. These particular routers use a MSB EM_MIPS Processor and it does contain executable components. The file can be accessed through at least one known cgi file, however there maybe others. Although no known publicly working example exist to my knowledge, unpatched devices are susceptible to injection of malicious code and most likely susceptible to a payload which could deploy a self-replicating worm. ------------------------------------------------------------------------------------------------------------- These items were reported to D-Link on April 20th, and to US Cert on April 21. D-Link does have patches available for all affected models, and it is highly recommended to update the device's firmware as soon as possible. Vendor Links: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10025 http://securityadvisories.dlink.com/security/ Research Contact - Kyle Lovett May 21, 2014

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server. FOSCAM IP-Cameras is a webcam device. An information disclosure vulnerability exists in Foscam IP Camera version 11.37.2.49. When using the Foscam DynDNS option, the program uses the camera subdomain as the username and password. An attacker can exploit this issue to gain access to sensitive information and perform certain unauthorized actions; this may lead to further attacks

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. D-Link DAP-1350 (Rev. The D-Link DAP-1350 is a router device. The D-Link DAP-1350 login page failed to properly filter user-submitted input, allowing remote attackers to exploit exploits to submit specially crafted SQL queries to bypass authentication. D-Link DAP-1350 is prone to an SQL-injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Version prior to D-Link DAP-1350 1.14 (HW version A1). D-Link DAP-1350 is a wireless access device product of D-Link

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. plural F5 BIG-IP Series and BIG-IQ Family product iControl API Contains a vulnerability that allows arbitrary command execution. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remote administrator SOAP An arbitrary command may be executed via a shell metacharacter in the hostname element of the request. F5 BIG-IP is a device product for application delivery services manufactured by F5 Network, which is mainly used for load balancing, business acceleration optimization and other purposes. A remote command injection vulnerability exists in multiple F5 BIG-IP products. Because the product fails to effectively filter the data provided through the iControl connection, this allows an attacker with a valid administrator account to exploit the vulnerability to access arbitrary commands on the affected system by accessing iControl. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks

Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. Cisco WebEx WRF and ARF Players are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh52768

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. Cisco Advanced Recording Format (ARF) Player Contains a buffer overflow vulnerability. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug ID CSCuj87565

Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. Cisco WebEx Recording Format (WRF) Player Contains a heap-based buffer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug IDs CSCul87216, CSCuj07603

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug IDs CSCui72223, CSCul01163, CSCul0116