VARIoT IoT vulnerabilities database


VAR-201402-0233 CVE-2014-2019 Apple iOS iCloud subsystem vulnerability allowing the password requirement to be bypassed
CVSS V2: 4.9
CVSS V3: 4.6
Severity: MEDIUM
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. Apple iOS is prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iCloud is Apple's cloud service, which supports the storage of music, photos, apps and contacts.
VAR-201404-0585 CVE-2014-0050 Apache Commons FileUpload vulnerable to denial-of-service (DoS)
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multipart request, which may cause the process to enter an infinite loop. As of February 12, 2014, an exploit tool targeting this vulnerability has been confirmed. Hitachi Incident Response Team (HIRT) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Processing a malformed request may cause the target system to stop responding. Attackers can exploit this issue to cause the application to enter an infinite loop, which may result in denial-of-service conditions. The following products are vulnerable:
- Apache Commons FileUpload 1.0 through 1.3
- Apache Tomcat 8.0.0-RC1 through 8.0.1
- Apache Tomcat 7.0.0 through 7.0.50

Gentoo Linux Security Advisory GLSA 201412-29
http://security.gentoo.org/
Severity: Normal
Title: Apache Tomcat: Multiple vulnerabilities
Date: December 15, 2014
Bugs: #442014, #469434, #500600, #511762, #517630, #519590
ID: 201412-29

Synopsis
========
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
Affected packages
=================
Package / Vulnerable / Unaffected
1  www-servers/tomcat  < 7.0.56  *>= 6.0.41, >= 7.0.56

Description
===========
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Tomcat 6.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"

All Tomcat 7.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"

References
==========
[ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733
[ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544
[ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546
[ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431
[ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534
[ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885
[ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886
[ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887
[ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067
[ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071
[ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286
[ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322
[ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590
[ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033
[ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050
[ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075
[ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096
[ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099
[ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-29.xml

Details on the update and each vulnerability are in the KM articles below. **Note:** The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or a more recent version of SiteScope if available. The SiteScope update can be found in the personal zone under "my updates" in HPE Software Support Online: <https://softwaresupport.hpe.com>.

Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also addressed with this release:

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)

It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)

It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route.

By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.

CVE-2013-2071 A runtime exception in AsyncListener.onComplete() prevents the request from being recycled. This may expose elements of a previous request to a current request.

CVE-2013-4322 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allowed a limited denial of service by streaming an unlimited amount of data to the server.

For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.
We recommend that you upgrade your tomcat7 packages.

On update, configuration files that have been locally modified will not be updated. The updated version of such files will be stored as .rpmnew files. Make sure to locate any such files after the update and merge any changes manually.

Ubuntu Security Notice USN-2130-1
March 06, 2014
tomcat6, tomcat7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary: Several security issues were fixed in Tomcat.
Software Description:
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine

Details:
It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. This issue only applied to Ubuntu 12.04 LTS. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0050)

Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libtomcat7-java 7.0.42-1ubuntu0.1
Ubuntu 12.10: libtomcat7-java 7.0.30-0ubuntu1.3
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.4
Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.15
In general, a standard system update will make all the necessary changes.

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04657823

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04657823
Version: 1
HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-05-11
Last Updated: 2015-05-11
Potential Security Impact: Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SDN VAN Controller. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or a Distributed Denial of Service (DDoS).

References:
CVE-2014-0050 Remote Denial of Service (DoS)
CVE-2015-2122 Remote Distributed Denial of Service (DDoS)
SSRT102049

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SDN VAN Controller version 2.5 and earlier.
BACKGROUND

CVSS 2.0 Base Metrics
Reference      Base Vector                     Base Score
CVE-2014-0050  (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2015-2122  (AV:N/AC:L/Au:N/C:N/I:N/A:C)    7.8
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP recommends either of the two following workarounds for the vulnerabilities in the HP SDN VAN Controller.
- The management network for the server running the HP SDN VAN Controller should be on a separate and isolated "management" VLAN.
- Configure the firewall on the server running HP SDN VAN Controller so that the only network traffic allowed to the REST port is from trusted servers on the network that need to use the REST layer. For example: the Microsoft Lync Server for Optimizer.
For more detailed information, please refer to the "Securing REST layer Access on HP VAN SDN Controllers" article at the following location: http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04676756

HISTORY
Version:1 (rev.1) - 11 May 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact the normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session.

Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled
1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update
Advisory ID: RHSA-2014:0400-03
Product: Red Hat JBoss Fuse
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html
Issue date: 2014-04-14
CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904

1. Summary:
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.

2. Description:
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.

Security fixes:

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)

A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)

It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)

It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)

The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)

It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)

A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)

An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)

The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.

3. Solution:
All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update. The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):
958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution
999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing
1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw
1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability
1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters
1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack
1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging
1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC
1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429

5. References:
https://www.redhat.com/security/data/cve/CVE-2013-2035.html
https://www.redhat.com/security/data/cve/CVE-2013-2172.html
https://www.redhat.com/security/data/cve/CVE-2013-2192.html
https://www.redhat.com/security/data/cve/CVE-2013-4152.html
https://www.redhat.com/security/data/cve/CVE-2013-4517.html
https://www.redhat.com/security/data/cve/CVE-2013-6429.html
https://www.redhat.com/security/data/cve/CVE-2013-6430.html
https://www.redhat.com/security/data/cve/CVE-2014-0050.html
https://www.redhat.com/security/data/cve/CVE-2014-0054.html
https://www.redhat.com/security/data/cve/CVE-2014-0085.html
https://www.redhat.com/security/data/cve/CVE-2014-1904.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0
https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/

6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).
VAR-201402-0303 CVE-2014-1870 Opera on Mac OS X vulnerable to address bar spoofing CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site. Opera Web Browser versions prior to 19.00 are vulnerable. Opera supports multi-window browsing and a customizable user interface
VAR-201402-0262 CVE-2014-1698 SIEMENS SIMATIC WinCC Open Architecture Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete supervisory control and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. SIEMENS SIMATIC WinCC Open Architecture has an information disclosure vulnerability that can be exploited by remote attackers to obtain sensitive information. The system is mainly applicable to industries such as rail transit, building automation and public power supply. There is a directory traversal vulnerability in Siemens SIMATIC WinCC OA 3.12 and earlier versions
VAR-201407-0648 CVE-2014-4549 WooCommerce SagePay Direct Payment Gateway plug-in for WordPress vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports the setting up of personal blog websites on PHP and MySQL servers. WooCommerce SagePay Direct Payment Gateway is one of the WooCommerce (e-commerce) payment gateway plugins. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may allow the attacker to steal cookie-based authentication credentials and launch other attacks. WooCommerce SagePay Direct Payment version 0.1.6.6 is vulnerable; other versions may also be affected
VAR-201402-0261 CVE-2014-1697 Siemens SIMATIC WinCC OA integrated web server arbitrary code execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete supervisory control and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. SIEMENS SIMATIC WinCC Open Architecture has an unspecified arbitrary code execution vulnerability that could allow a remote attacker to execute arbitrary code in the context of an affected application, possibly resulting in a denial of service. SIEMENS SIMATIC WinCC Open Architecture is prone to an unspecified arbitrary code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. SIEMENS SIMATIC WinCC OA versions prior to 3.12 P002 are vulnerable. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0263 CVE-2014-1699 SIEMENS SIMATIC WinCC Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete supervisory control and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. A security vulnerability exists in SIEMENS SIMATIC WinCC OA prior to 3.12. A remote attacker can exploit the vulnerability to cause a denial of service. SIEMENS SIMATIC WinCC Open Architecture is prone to a denial-of-service vulnerability. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0347 CVE-2014-0755 Rockwell Automation RSLogix 5000 Security Bypass Vulnerability CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. Rockwell Automation is a provider of industrial automation, control and information technology solutions. An attacker can exploit this issue to compromise user defined passwords. This results in unauthorized access and may lead to further attacks. RSLogix 5000 versions 7.0 through 20.01 and V21.0 are vulnerable. The software provides high-performance integrated control systems for manufacturers and machine builders who need medium-sized control systems, and also provides a unified development environment for Rockwell Automation Integrated Architecture systems. A security bypass vulnerability exists in Rockwell Automation RSLogix 5000 versions 7 through 20.01 and 21.0 due to the program not properly password-protecting the '.ACD' file
VAR-201402-0118 CVE-2013-6024 F5 Networks BIG-IP Edge Client information leakage vulnerability CVSS V2: 4.4
CVSS V3: -
Severity: MEDIUM
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. The components may leak information from memory (CWE-200). Multiple F5 Networks products are prone to an unspecified local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. The following products are vulnerable: BIG-IP APM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4; BIG-IP Edge Gateway 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4; FirePass 6.0.0 through 6.1.0 and 7.0.0. The following versions and products are vulnerable: versions prior to Desktop Client 9.0R3 and 5.3R7; versions prior to Pulse Connect Secure 9.0R3, 8.3R7, and 8.1R14. F5 BIG-IP APM and the other products listed are all products of the US company F5. F5 BIG-IP APM is an access and security solution. The product provides unified access to business-critical applications and networks. F5 FirePass is a product that provides secure remote access to internal enterprise applications and data. Edge Client is one of the integrated remote access clients used in BIG-IP solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, 14.x; BIG-IP Edge Gateway 10.x, 11.x; FirePass 7.0.0
VAR-201402-0248 CVE-2014-0497 Adobe Flash Player Integer underflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0137-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0137.html
Issue date: 2014-02-05
Updated on: 2014-02-04
CVE Names: CVE-2014-0497
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.336-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.336-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.336-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.336-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.336-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.336-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.336-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0497.html
https://access.redhat.com/security/updates/classification/#critical
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFS8fK3XlSAg2UNWIIRAn3HAJ9Dl9yTq8uwL1jZXpBhxpTOeSlNXACfcWWO
2pb3HgPGlwSq5PcZSe2neeg=
=KItO
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201402-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: February 06, 2014
Bugs: #491148, #493894, #498170, #500313
ID: 201402-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336"

References
==========

[ 1 ] CVE-2013-5329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329
[ 2 ] CVE-2013-5330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330
[ 3 ] CVE-2013-5331
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331
[ 4 ] CVE-2013-5332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332
[ 5 ] CVE-2014-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491
[ 6 ] CVE-2014-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492
[ 7 ] CVE-2014-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201402-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
VAR-201402-0187 CVE-2013-7183 Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. The Seowon Intech SWC-9100 is a wireless router product from South Korea's Seowon Intech. The WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context of the device
VAR-201402-0267 CVE-2014-0329 Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798). DSL routers provided by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT) and ZTE have a hard-coded password of the form "XXXXairocon". DSL routers such as the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and ZTE ZXV10 W300S have hard-coded credentials that can be used to access the device over telnet. The username is "admin" on the ASUS, DIGICOM, Observa Telecom and ZTE devices and "adminpldt" on the PLDT device; the password is "XXXXairocon", where XXXX is the last four digits of the device's MAC address. The MAC address may be obtainable through the SNMP community string public. The credentials (password) are hard-coded (CWE-798). CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html This vulnerability was published in February 2014 as JVNVU#99523838, as an issue in the ZTE ZXV10 W300, and was assigned CVE-2014-0329. Products from several other vendors have since been found to have the same vulnerability. The vulnerability in the Observa Telecom RTA01N was published on Full Disclosure in May 2015. JVNVU#99523838 https://jvn.jp/vu/JVNVU99523838/ Full Disclosure http://seclists.org/fulldisclosure/2015/May/129 A remote attacker could use the credentials to gain access to the device as an administrator.
The ZTE ZXV10 W300 has hard-coded credentials. Multiple DSL routers are prone to a security-bypass vulnerability. The vulnerability stems from the fact that the program installation uses default hard-coded credentials, and the first four digits of the admin account password 'XXXXairocon' are set to the last four digits of the MAC address
VAR-201402-0260 CVE-2014-1696 Siemens SIMATIC WinCC OA vulnerability allowing unauthorized access CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. Based on the Windows platform, Siemens SIMATIC WinCC provides complete supervisory control and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC Open Architecture is prone to an insecure password-hash weakness. Versions prior to SIMATIC WinCC Open Architecture 3.12 P002 are vulnerable. The system is mainly applicable to industries such as rail transit, building automation and public power supply
VAR-201402-0184 CVE-2013-7179 Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. In addition, JVNVU#95318893 publishes this issue as CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'), http://cwe.mitre.org/data/definitions/77.html. A third party may execute an arbitrary command via shell metacharacters in the ping_ipaddr parameter. The Seowon Intech SWC-9100 is a wireless router product from South Korea's Seowon Intech. The WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability
VAR-201402-0338 CVE-2014-1458 FortiGuard FortiWeb web management interface cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. Fortinet Fortiweb is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Fortinet Fortiweb 5.0.3 is vulnerable; other versions may also be affected. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content
VAR-201402-0186 CVE-2013-7182 Fortinet FortiOS Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. (CWE-79). FortiOS provided by Fortinet contains a cross-site scripting vulnerability. FortiOS provided by Fortinet has a flaw in the processing of the mkey parameter of /firewall/schedule/recurrdlg, resulting in a cross-site scripting (CWE-79) vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS 5.0.5 is vulnerable; other versions may also be affected. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. The vulnerability is due to the fact that the value of the parameter 'mkey' is not properly sanitized when passed to firewall/schedule/recurrdlg
VAR-201402-0185 CVE-2013-7181 Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79). Fortiweb provided by Fortinet contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet Fortiweb 5.0.3 is vulnerable; other versions may also be affected. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. The vulnerability stems from the fact that the value of the parameter 'filter' is not properly filtered when passed to user/ldap_user/add
VAR-201402-0241 CVE-2014-1965 SAP NetWeaver SAP Exchange Infrastructure component cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. The Portal's handling of Web Dynpro can leak path information. 2. The message server has an unspecified error, allowing an attacker to exploit the vulnerability to crash the server. 3. Input related to the DIR error lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some input related to ISpeakAdapter lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201402-0240 CVE-2014-1964 SAP NetWeaver Exchange Infrastructure component cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. The Portal's handling of Web Dynpro can leak path information. 2. The message server has an unspecified error, allowing an attacker to exploit the vulnerability to crash the server. 3. Input related to the DIR error lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some input related to ISpeakAdapter lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201402-0239 CVE-2014-1963 SAP NetWeaver Message Server denial of service (DoS) vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. The Portal's handling of Web Dynpro can leak path information. 2. The message server has an unspecified error, allowing an attacker to exploit the vulnerability to crash the server. 3. Input related to the DIR error lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some input related to ISpeakAdapter lacks filtering before being returned to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks