VARIoT IoT vulnerabilities database
| VAR-201307-0213 | CVE-2013-3429 | Cisco Video Surveillance Manager Vulnerable to directory traversal |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163. The vendor has published this vulnerability as Bug ID CSCsv37163. A third party may be able to read system files via a crafted URL.
Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks.
This issue is being tracked by Cisco Bug ID CSCsv37163.
Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. Cisco Video Surveillance Manager provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. These vulnerabilities are caused by the program's failure to sanitize user-submitted input.
| VAR-201307-0214 | CVE-2013-3430 | Cisco Video Surveillance Manager Vulnerabilities in capturing important configuration, archive, and log information |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. The vendor has published this vulnerability as Bug ID CSCsv37288. A third party may obtain sensitive configuration, archive, and log information. Cisco Video Surveillance Manager is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and gain administrative controls of the vulnerable device. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCsv37288.
Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. Cisco Video Surveillance Manager provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. The vulnerability arises because the program does not require authentication.
| VAR-201307-0219 | CVE-2013-3431 | Cisco Video Surveillance Manager Vulnerabilities in which important settings, archives, and log information are obtained |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. The vendor has published this vulnerability as Bug ID CSCsv40169. A third party may obtain sensitive configuration, archive, and log information. Cisco Video Surveillance Manager is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and gain administrative controls of the vulnerable device. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCsv40169.
Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. Cisco Video Surveillance Manager provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. The vulnerability arises because access to the VSMC monitoring pages does not require authentication.
| VAR-201307-0225 | CVE-2013-3438 | Vulnerability in Cisco Unified MeetingPlace Web Conferencing that allows bypassing access restrictions on the server |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. The vendor has published this vulnerability as Bug ID CSCuh86385. A third party may bypass access restrictions and read unspecified web pages via crafted parameters.
Exploiting this issue could allow an attacker to bypass certain security restrictions and obtain unauthorized access to sensitive information on the affected device. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuh86385.
| VAR-202001-0856 | CVE-2013-2574 | FOSCAM IP Camera FI8620 Vulnerable to unauthorized authentication |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. FOSCAM IP Camera FI8620 contains an incorrect authentication vulnerability. Information may be obtained. FOSCAM IP-Cameras are webcam devices. FOSCAM IP-Cameras are prone to multiple unauthorized-access vulnerabilities.
Attackers can exploit these issues to gain unauthorized access and obtain potentially sensitive information. This may aid in further attacks.
FOSCAM FI8620 is vulnerable; other versions may also be affected.
| VAR-201307-0227 | CVE-2013-3440 | Cisco Unified Operations Manager Management Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186. The vendor has published this vulnerability as Bug ID CSCud80186. A third party may inject arbitrary web script or HTML and obtain improperly secured cookies.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCud80186. Cisco Unified Operations Manager provides a real-time service status view of the entire Cisco Unified Communications system, showing the current operational status of each component.
| VAR-201307-0613 | No CVE | Cisco WebEx One-Click Client Password Encryption Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Cisco WebEx is a web conferencing solution. The Cisco WebEx One-Click Client has a security vulnerability in how it handles password encryption. A local attacker who obtains a user account can obtain the file containing the encrypted password and decrypt the password.
| VAR-201308-0003 | CVE-2012-5460 | Juniper Secure Access of IVE OS Help page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client lets remote and mobile users access enterprise resources from various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2.
--------------------------------------------------------------------------------
| Juniper Secure Access XSS Vulnerability|
--------------------------------------------------------------------------------
Summary
===============
Juniper Secure Access software has a reflected XSS vulnerability
CVE number: CVE-2012-5460
PSN-2013-03-874
Impact: Low
Vendor homepage:
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view
Vendor notified: 06/06/2012
Vendor fixed: 12/12/2012
Affected Products
=================
Juniper SA (IVE OS) versions prior to 7.1r13, 7.2r7, 7.3r2.
Details
==================
In order to exploit this vulnerability, the client should
authenticate to the SSLVPN service. The vulnerable parameter exists on the help
page of the IVE user web interface.
Affected parameter: WWHSearchWordsText
Impact
==================
Execution of arbitrary script code in a user's browser during an
authenticated session.
Solution
==================
Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.
Twitter @pazwant
| VAR-201307-0226 | CVE-2013-3439 | Cisco Unified Operations Manager Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182. Cisco Unified Operations Manager contains a cross-site scripting vulnerability.
By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling.
This issue is being tracked by Cisco Bug ID CSCud80182. Cisco Unified Operations Manager provides a real-time service status view of the entire Cisco Unified Communications system, showing the current operational status of each component.
| VAR-201307-0228 | CVE-2013-3441 | Cisco Aironet 3600 access points denial-of-service (DoS) vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210. The Cisco Aironet 3600 is a Cisco wireless access point product.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuh71210. The product connects wireless clients to the wired network.
| VAR-201404-0083 | CVE-2013-0740 | Dell OpenManage Server Administrator Open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. Dell OpenManage Server Administrator is prone to an open-redirection vulnerability.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
Dell OpenManage Server Administrator 7.2.0 is vulnerable; other versions may also be affected. The solution supports online diagnosis, system operation detection, equipment management, etc.
| VAR-201307-0175 | CVE-2013-2249 | Vulnerability in mod_session_dbd.c in the mod_session_dbd module of Apache HTTP Server |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. Apache HTTP Server is prone to an unspecified remote security vulnerability.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges.
Apache HTTP Server versions prior to 2.4.6 are vulnerable. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability with unspecified impact.
[slackware-security] httpd (SSA:2013-218-02)
New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.6-i486-1_slack14.0.txz: Upgraded.
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.25-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.25-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.25-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.25-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.25-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.25-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.25-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.25-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.6-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.6-x86_64-1_slack14.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.6-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.6-x86_64-1.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg httpd-2.4.6-i486-1_slack14.0.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
| VAR-201307-0393 | CVE-2013-4890 | Samsung PS50C7700 3D Plasma-TV 50" DMCRUIS/0.1 web server denial-of-service (DoS) vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201307-0008
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. Samsung Electronics is a South Korean company founded in 1969. Samsung PS50C7700 3D Plasma-TV is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause a crash, denying service to legitimate users.
| VAR-201307-0443 | CVE-2013-5006 | Vulnerability in the firmware of multiple Western Digital My Net router products that discloses the cleartext administrative password |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. Western Digital My Net is a series of router products from Western Digital, USA.
An information disclosure vulnerability exists in a number of Western Digital My Net devices that can expose administrator credentials. Unauthorized attackers could use this vulnerability to gain sensitive information that can help launch further attacks. The security hole is in the main_internet.php file.
| VAR-201307-0222 | CVE-2013-3435 | Cisco Unified IP Conference Station 7937G denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.
Attackers can exploit this issue to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuh42052. The product provides information services and custom XML-based services.
| VAR-201307-0224 | CVE-2013-3437 | SQL injection vulnerability in the Cisco Unified Operations Manager management application |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is tracked by Cisco Bug ID CSCud80179. Other versions may also be affected. Cisco Unified Operations Manager provides a real-time service status view of the entire Cisco Unified Communications system, showing the current operational status of each component.
| VAR-201307-0615 | No CVE | ASUS Multiple Routers Clear Text Authentication Credentials Vulnerability (CNVD-2013-09984) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple ASUS routers have a security vulnerability that allows remote attackers to obtain sensitive information. The problem is that the device sends authentication credentials in clear text over the network, allowing an attacker to obtain sensitive information by sniffing network traffic.
| VAR-201307-0610 | No CVE | Huawei E587 3G Mobile Hotspot SMS message has an unidentified cross-site scripting vulnerability |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Huawei E587 3G Mobile Hotspot is a wireless router device that supports 3G. Huawei E587 3G Mobile Hotspot does not properly validate certain input in SMS messages. A remote attacker can craft a special SMS message, entice a user to view it, and obtain the targeted user's sensitive information or hijack the user's session.
| VAR-201307-0611 | No CVE | ASUS multiple routers index.asp direct request administrative authentication bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The ASUS RT-N16 and RT-N16R are wireless router devices. ASUS RT-N16 and RT-N16R do not properly restrict user access, allowing remote attackers to directly request the index.asp script, bypass administrator authentication, and gain unauthorized access to the management console.
| VAR-201307-0223 | CVE-2013-3436 | Vulnerability in the default configuration of the Cisco IOS GET VPN feature that allows bypassing the encryption policy |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. The vendor has published this vulnerability as Bug ID CSCui07698. A third party may bypass the encryption policy via UDP port 848. Cisco IOS is the internetwork operating system used on most Cisco routers and network switches. Cisco IOS is prone to a security-bypass vulnerability.
Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions on the affected device.
This issue is being tracked by Cisco Bug ID CSCui07698. This solution is mainly used to encrypt data transmitted over a wide area network.