VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201402-0204 CVE-2014-0726 Cisco Unified Communications Manager of IP Manager Assistant In the interface SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05326. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0572 No CVE Unknown security bypass vulnerability exists in FRITZ!Box products CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
FRITZ! Box is a residential gateway device from AVM GmbH. A number of FRITZ!Box products have remote security bypass vulnerabilities that allow an attacker to exploit a vulnerability to bypass specific security restrictions and perform any unauthenticated operations. Multiple FRITZ!Box products are prone to a remote security-bypass vulnerability
VAR-201402-0205 CVE-2014-0727 Cisco Unified Communications Manager CMIVR Interface SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05318. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0392 CVE-2014-1253 Apple Boot Camp of AppleMNT.sys Service disruption in (DoS) Vulnerabilities CVSS V2: 4.7
CVSS V3: -
Severity: MEDIUM
AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. Apple Boot Camp is prone to a memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible, however, it has not been confirmed. This issue is fixed in Boot Camp 5.1. Apple Boot Camp is a set of system plug-ins from Apple (Apple) that supports Mac to run Windows operating system. The plug-in is built into the Mac OS X system. A security vulnerability exists in the AppleMNT.sys file in Apple Boot Camp version 5.0. The issue was addressed through improved bounds checking. CVE-ID CVE-2014-1253 : MJ0011 of 360 Security Center Boot Camp 5.1 may be obtained via Apple Software Update or from: http://support.apple.com/downloads/ Depending on your Mac model, the downloading file name is one of the following two: The download file name: BootCamp5.1.5621.zip Its SHA-1 digest: 72c71be259474836c17ddd400aca2218660b8aac The download file name: BootCamp5.1.5640.zip Its SHA-1 digest: 2998a7881509a87b22abc6764379c0a33b6ced3a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJS+rIpAAoJEPefwLHPlZEwM0gQAJ5Ffh3VoQKk/psQJN6ABJar SbijQfk9eILkiO/XDMwrLKmj0183VS1N+xGzLaZqC0wDjwwwUHOJHUGK02+rRPCf pI2NkZeaRJtGeSfC1LjDHbBhToJLY3JbGU8+NiZrWiFwcJMhyHvgcjWQwOvN2X9R jNiHvo5kTBXboaCwBU9NRvWXDmWbCeWPCsAr0WYOsyCMT4fms/2NtygjiregAGBO BL1kDf2BiF+1lcfGD/cQgOyYPrvOhBtIp6//5UhksFY2h90lHu7Dm6FTUKlUyTzh qKVSro4FL87OA2opuPwAOsbX/96XZEgHlHs2mOy2dGkDCZ2LF6KjWARanSIixBFV 2ARsj6ck+O9S+8KBVGEFBPPKN0fNZ7Irhivv/rR+w1AZLMsbLvdGdm4CarrMEogX daPXwiWnMNsWadMVMIeHpjdYprVw/vfIDCqBXwZfLnDeHxtHgMxyNx0uuXrBPDWu HjrB8Uo0/MSp55QyOSY4DLhQWVTC9mNc5CKcMmnmOQtH4niGyXc+D7k2pa7dKHPY NLggsaiNOKiTjUpcgGEOz191Q7vVDGpGCuV81C9k+AYMWToXnffGXYO62zk0NeIH 7sZ9feNCTZHLlFDF0v9KnnyXFLMTcgT0WXtw1RAcBY7UebcaBSS1ljyw45qGo+bA 3J/op5VbemkYblZScFvu =Dlmy -----END PGP SIGNATURE-----
VAR-201402-0089 CVE-2013-2829 MatrikonOPC SCADA DNP3 OPC Server Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. MatrikonOPC is the world's largest OPC developer and supplier. Allows an attacker to exploit a vulnerability to launch a denial of service attack. Successful exploits may allow an attacker to cause denial-of-service conditions. DNP3 OPC Server versions prior to 1.2.2.0 are vulnerable
VAR-201402-0489 No CVE Barracuda Load Balancer '/cgi-mod/index.cgi' arbitrary command execution vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. A remote command injection vulnerability exists in Barracuda Load Balancer. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected application. There are vulnerabilities in Barracuda Load Balancer 340 version 4.2.2.007, other versions may also be affected
VAR-201402-0200 CVE-2014-0722 Cisco Unified Communications Manager of log4jinit Web Service disruption in applications (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. Cisco Unified Communications Manager is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access to affected application. This may aid in generating activity within the application resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCum05347. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0201 CVE-2014-0723 Cisco Unified Communications Manager of IP Manager Assistant Interface cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum05343. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0202 CVE-2014-0724 Cisco Unified Communications Manager Vulnerabilities that bypass authentication in the bulk management interface CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. An attacker can exploit this issue to view arbitrary files from the local filesystem within the context of the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCum05340. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There are security vulnerabilities in the bulk management interface of CUCM 10.0(1) and earlier versions
VAR-201402-0206 CVE-2014-0728 Cisco Unified Communications Manager of Java In the database interface SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05313. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0207 CVE-2014-0729 Cisco Unified Communications Manager of Enterprise Mobility Application In the interface SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05302. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201402-0574 No CVE NetGear WNR1000 Password Recovery Credential Disclosure Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The NetGear WNR1000 is a wireless router product. NetGear WNR1000 version 3 (firmware version 1.0.2.60_60.0.86 and 1.0.2.54_60.0.82NA) has an error handling the password recovery request. The local attacker sends a specially crafted HTTP POST request to passwordrecovered.cgi, which can be exploited by the vulnerability. certificate.
VAR-201402-0555 No CVE D-Link DSL-2750B Cross-Site Request Forgery Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The D-Link DSL-2750B is an ADSL router. The D-Link DSL-2750B has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. D-Link DSL-2750B is a Model router product of D-Link. A cross-site request forgery vulnerability exists in D-Link DSL-2750B running EU_2.02 firmware. An attacker could use this vulnerability to perform unauthorized operations. D-Link DSL-2750B is prone to a cross-site request-forgery vulnerability. This may lead to further attacks. D-Link DSL-2750B running firmware version EU_2.02 is vulnerable; other versions may also be affected
VAR-201402-0269 CVE-2014-0332 DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. (CWE-79). DELL Provided by SonicWALL GMS/Analyzer/UMA Contains a cross-site scripting vulnerability. DELL Provided by SonicWALL GMS/Analyzer/UMA In /sgms/mainPage of node_id There is a problem with parameter processing and cross-site scripting (CWE-79) Vulnerabilities exist. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') http://cwe.mitre.org/data/definitions/79.htmlAn arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products prior to version 7.1 SP1 are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Management Appliance E5000. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software
VAR-201402-0108 CVE-2013-5012 Symantec Web Gateway In a management console running on the appliance SQL Injection vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Symantec Web Gateway is a Web security gateway hardware appliance. In the version of Symantec Web Gateway 5.1.1, an attacker could exploit this vulnerability to access or modify data due to insufficient filtering of user-supplied data. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more
VAR-201402-0109 CVE-2013-5013 Symantec Web Gateway Cross-site scripting vulnerability in the management console running on the appliance CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors. Web Script or HTML May be inserted. Symantec Web Gateway is a Web security gateway hardware appliance. Because Symantec Web Gateway failed to properly filter user-supplied input, a remote attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected user. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more
VAR-201402-0583 No CVE Xerox ColorQube has multiple unspecified vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Xerox ColorQube is a multifunction machine with print/scan/copy/fax. Xerox ColorQube has multiple security vulnerabilities and no detailed vulnerability details are available. Limited information is currently available regarding these issues. We will update this BID as more information emerges. Xerox ColorQube 8700 and 8900 are vulnerable
VAR-201403-0224 CVE-2014-1939 Android of java/android/webkit/BrowserFrame.java In any Java Code execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. Google Android Jelly Bean is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). The vulnerability stems from the fact that the program uses the addJavascriptInterface API and creates an object of the SearchBoxImpl class
VAR-201403-0712 No CVE Multiple ASUS Router 'smb.xml' Authentication Bypass Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router
VAR-202001-1231 CVE-2014-1925 Koha  In  SQL  Injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. Koha In SQL An injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Koha is prone to the following security vulnerabilities: 1. An arbitrary file-access vulnerability 2. A directory-traversal vulnerability 3. An arbitrary file-write vulnerability 4. An SQL-injection vulnerability An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, read or write arbitrary files from the web server, and potentially obtain sensitive information on the affected application. This may aid in further attacks