VARIoT IoT vulnerabilities database
| VAR-201301-0347 | CVE-2013-1108 | Cisco WebEx Training Center Vulnerable to deleting hands-on lab session reservations |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.
| VAR-201301-0348 | CVE-2013-1109 | Cisco WebEx Training Center Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCzu81067.
| VAR-201301-0150 | CVE-2012-6395 | Cisco Adaptive Security Appliances service disruption (device crash) vulnerability |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
An authenticated attacker can exploit this issue to cause a crash, denying service to legitimate users.
Cisco Adaptive Security Appliances (ASA) 8.4 is vulnerable; other versions may also be affected.
This issue is being tracked by Cisco Bug ID CSCuc65775.
TITLE:
Cisco Adaptive Security Appliance CIFS UNC Handling Denial of Service
Vulnerability
SECUNIA ADVISORY ID:
SA51955
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51955/
RELEASE DATE:
2013-01-28
DESCRIPTION:
A vulnerability has been reported in Cisco Adaptive Security
Appliances (ASA), which can be exploited by malicious users to cause
a DoS (Denial of Service).
The vulnerability is caused due to an error when handling CIFS UNC
input and can be exploited to cause a crash.
The vulnerability is reported in version 8.4.
SOLUTION:
Contact the vendor for patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6395
| VAR-201301-0040 | CVE-2012-5429 | Cisco VPN Client on Windows service disruption (kernel fault and system crash) vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
A local attacker can exploit this issue to crash the system, resulting in denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuc81669. The vulnerability is caused by the program not interacting with the kernel properly.
| VAR-201301-0041 | CVE-2012-5444 | Cisco TelePresence Video Communication Server meeting creation vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
Successful exploits may allow an attacker to bypass intended security restrictions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCub67989. Cisco TelePresence provides components such as audio and video spaces, which give remote participants a "face-to-face" virtual meeting room effect. A remote attacker could exploit this vulnerability to create a conference through an unspecified Conductor request.
| VAR-201301-0157 | CVE-2012-6440 | Rockwell Automation ControlLogix Replay Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201301-0013
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
Attackers can exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks.
| VAR-201301-0154 | CVE-2012-6437 | Rockwell Automation ControlLogix Firmware upload vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201301-0013
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Multiple Rockwell Automation products contain a vulnerability that allows arbitrary code to be executed due to improper authentication when updating Ethernet firmware. A third party may be able to execute arbitrary code via a Trojan update image. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
| VAR-201301-0153 | CVE-2012-6436 | Multiple Rockwell Automation products buffer overflow vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201301-0013
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Multiple Rockwell Automation products contain a buffer overflow vulnerability. A third party may cause a service disruption (CPU crash and communication outage) via malformed CIP packets. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.
| VAR-201301-0155 | CVE-2012-6438 | Multiple Rockwell Automation products buffer overflow vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201301-0013
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Multiple Rockwell Automation products contain a buffer overflow vulnerability. A third party may cause a service disruption (NIC crash and communication outage) via malformed CIP packets. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.
| VAR-201301-0374 | CVE-2013-0656 | Siemens SIMATIC RF Manager ActiveX Control Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. Siemens SIMATIC RF Manager is an RFID reader engineering and configuration tool. The Siemens SIMATIC RF Manager ActiveX control is prone to a remote buffer-overflow vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Siemens SIMATIC is an automation software with a single engineering environment.
TITLE:
Siemens SIMATIC RF Manager ActiveX Control Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA51845
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51845/
RELEASE DATE:
2013-01-14
DESCRIPTION:
A vulnerability has been reported in Siemens SIMATIC RF Manager,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to an error in an unspecified ActiveX
control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in RF-MANAGER 2008 and RF-MANAGER Basic
versions 3.0 and prior.
SOLUTION:
Patch is available by contacting vendor support (see the vendor's
advisory for more details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-099741.pdf
| VAR-201301-0164 | CVE-2012-6435 | Multiple Rockwell Automation products service disruption (stop of control and communication) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users. When specially crafted CIP packets are sent to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, and Port 44818/UDP, this vulnerability can cause a buffer overflow, causing the NIC to deny service.
| VAR-201301-0156 | CVE-2012-6439 | Multiple Rockwell Automation products service disruption (stop of control and communication) vulnerability |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Multiple Rockwell Automation products contain a vulnerability that results in a service disruption (stop of control and communication). A third party may cause a service disruption (stop of control and communication) via a CIP message that modifies (1) the configuration or (2) network parameters. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
| VAR-201301-0046 | CVE-2012-6276 | TP-LINK TL-WR841N wireless router local file inclusion vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. The TL-WR841N contains an information disclosure vulnerability. The web interface of the TL-WR841N provided by TP-LINK has a flaw in parameter parsing that results in an information disclosure vulnerability. A configuration file for the product may be obtained by a third party that has access to the product's web interface. The TP-LINK TL-WR841N Router is a wireless router device. The TP-LINK TL-WR841N router is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. This may aid in further attacks.
TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n is vulnerable; other versions may also be affected.
| VAR-201301-0159 | CVE-2012-6442 | Multiple Rockwell Automation products service disruption (stop of control and communication) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. Multiple Rockwell Automation products contain a vulnerability that results in a service disruption (stop of control and communication). A third party may cause a service disruption (stop of control and communication) via a CIP message that triggers a reset. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
| VAR-201303-0197 | CVE-2013-0198 | Dnsmasq service disruption (traffic amplification) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. Dnsmasq is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions through a large stream of spoofed DNS queries.
Dnsmasq versions 2.62 and prior are vulnerable.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:072
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : dnsmasq
Date : April 8, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated dnsmasq packages fix security vulnerabilities:
When dnsmasq before 2.63 is used in conjunction with certain
configurations of libvirtd, network packets from prohibited networks
(e.g. packets that should not be passed in) may be sent to the dnsmasq
application and processed. This can result in DNS amplification
attacks for example (CVE-2012-3411).
This update adds a new option --bind-dynamic which is immune to
this problem.
Updated dnsmasq packages fix security vulnerabilities (CVE-2013-0198):
This update completes the fix for CVE-2012-3411 provided with
dnsmasq-2.63.
This update fixes these three cases.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0198
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0273
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0030
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
89bdd7af8963a0c0e51a52b5b08295b0 mbs1/x86_64/dnsmasq-2.63-1.mbs1.x86_64.rpm
1b45290efb8694734cfa1616b5ef6294 mbs1/x86_64/dnsmasq-base-2.63-1.mbs1.x86_64.rpm
8782b678c40e2c8ccedb39f60e2b6f0d mbs1/SRPMS/dnsmasq-2.63-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Dnsmasq: Denial of Service
Date: June 25, 2014
Bugs: #436894, #453170
ID: 201406-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in Dnsmasq can lead to a Denial of Service condition.
Background
==========
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
server.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Dnsmasq users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.66"
References
==========
[ 1 ] CVE-2012-3411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3411
[ 2 ] CVE-2013-0198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0198
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-24.xml
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201301-0375 | CVE-2013-0657 | Schneider Electric Interactive Graphical SCADA System Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Schneider Electric Interactive Graphical SCADA System 9 and 10 are vulnerable.
| VAR-201301-0504 | No CVE | Cisco Linksys Routers does not verify root access vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Cisco Linksys routers are wireless router devices from Cisco. A security vulnerability in the Cisco Linksys router allows unauthenticated attackers to gain root access and fully control the device. No detailed vulnerability information is currently available. Successful exploits will result in the complete compromise of an affected device.
Linksys WRT54GL 4.30.14 and prior are vulnerable.
| VAR-201301-0151 | CVE-2012-6396 | Cisco NX-OS on Nexus 7000 Remote Denial of Service Vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. Cisco Nexus series switches are data center switches that run the Cisco NX-OS operating system. A denial-of-service vulnerability exists on the Cisco Nexus 7000 that allows authenticated attackers to consume large amounts of memory and system resources. This vulnerability is only triggered when a lower-density card replaces a higher-density line-card in the same slot.
This issue is being tracked by Cisco Bug ID CSCud44300.
Cisco NX-OS is vulnerable; other versions may also be affected.
| VAR-201301-0152 | CVE-2012-6397 | Cisco WebEx Social Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by the Cisco Bug ID CSCub61977.
TITLE:
Cisco WebEx Social Information Disclosure and Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA51996
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51996/
RELEASE DATE:
2013-01-28
DESCRIPTION:
Two vulnerabilities have been reported in Cisco WebEx Social, which
can be exploited by malicious users to disclose potentially sensitive
information and by malicious people to conduct cross-site scripting
attacks.
1) An error within the search functionality can be exploited to
access certain local files via specially crafted parameters.
2) Certain input passed via Rich Site Summary (RSS) service links is
not properly sanitised before being returned to the user.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6397
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1107
| VAR-201301-0067 | CVE-2012-5155 | Google Chrome on Mac OS X vulnerable to access restriction bypass |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 24.0.1312.52 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
59438 Google Chrome Extension Process CVE-2013-0831 Unspecified Security Vulnerability
59436 Google Chrome CVE-2013-0836 Denial of Service Vulnerability
59435 Google Chrome CVE-2013-0837 Denial of Service Vulnerability
59437 Google Chrome CVE-2013-0835 Geolocation Implementation Denial of Service Vulnerability
59431 Google Chrome CVE-2013-0829 Security Bypass Vulnerability
59433 Google Chrome CVE-2013-0838 Unspecified Security Vulnerability
59430 Google Chrome CVE-2013-0828 Denial of Service Vulnerability
59428 Google Chrome CVE-2013-0832 Use-After-Free Remote Code Execution Vulnerability
59421 Google Chrome CVE-2012-5155 Security Bypass Vulnerability
59426 Google Chrome CVE-2012-5157 Denial of Service Vulnerability
59427 Google Chrome CVE-2013-0833 Denial of Service Vulnerability
59429 Google Chrome CVE-2013-0834 Denial of Service Vulnerability
59425 Google Chrome CVE-2012-5153 Out of Bounds Denial of Service Vulnerability
59424 Google Chrome CVE-2012-5156 Use-After-Free Remote Code Execution Vulnerability
59423 Google Chrome CVE-2013-0830 Unspecified Security Vulnerability
59422 Google Chrome CVE-2012-5154 Integer Overflow Vulnerability
59420 Google Chrome CVE-2012-5152 Denial of Service Vulnerability
59414 Google Chrome CVE-2012-5146 Same Origin Policy Security Bypass Vulnerability
59413 Google Chrome CVE-2012-5148 Unspecified Security Vulnerability
59418 Google Chrome CVE-2012-5147 Use-After-Free Remote Code Execution Vulnerability
59416 Google Chrome CVE-2012-5145 Use-After-Free Remote Code Execution Vulnerability
59419 Google Chrome CVE-2012-5151 Integer Overflow Vulnerability
59415 Google Chrome CVE-2012-5149 Integer Overflow Vulnerability
59417 Google Chrome CVE-2012-5150 Use-After-Free Remote Code Execution Vulnerability.
Note: This issue was previously covered in BID 57251 (Google Chrome Prior to 24.0.1312.52 Multiple Security Vulnerabilities) but has been given its own record for better documentation.
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51825
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51825/
RELEASE DATE:
2013-01-11
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) A buffer overflow vulnerability exists in the bundled version of
Adobe Flash Player.
For more information:
SA51771
2) A use-after-free error exists when handling SVG layouts.
3) An error when handling URLs can be exploited to bypass the same
origin policy.
4) A use-after-free error exists when handling certain DOM objects.
5) An unspecified error exists when handling certain filenames.
6) An integer overflow error exists when handling audio IPC.
7) A use-after-free error exists when seeking video.
8) An integer overflow error exists when handling JavaScript in PDF
files.
9) An out-of-bounds read error exists when seeking video.
10) An out-of-bounds stack access error exists in v8.
11) An integer overflow error exists in shared memory allocation.
NOTE: This vulnerability affects Windows only.
12) An unspecified error can be exploited to bypass the sandbox for
worker processes.
NOTE: This security issue affects Mac only.
13) A use-after-free error exists when handling certain fields in PDF
files.
14) Some out-of-bounds read errors exist when handling images in PDF
files.
15) A bad cast error exists in PDF root handling.
16) An unspecified error can be exploited to corrupt database
metadata and access certain files.
17) A use-after-free error exists when printing.
18) An out-of-bounds read error exists when printing.
19) An out-of-bounds read error exists when handling glyphs.
20) An unspecified error exists within v8 garbage collection.
21) An unspecified error exists within extension tab handling.
SOLUTION:
Upgrade to version 24.0.1312.52.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2) Atte Kettunen, OUSPG
3) Erling A Ellingsen and Subodh Iyengar, Facebook
4) Jose A. Vazquez
5) Justin Schuh, Google Chrome Security Team
6, 11) Chris Evans, Google Chrome Security Team
7, 9) Inferno, Google Chrome Security Team
8, 13, 14, 15) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
10) Andreas Rossberg, Chromium development community
12) Julien Tinnes, Google Chrome Security Team
16) Juri Aedla, Google Chrome Security Team
17, 18, 19, 20) Cris Neckar, Google Chrome Security Team
21) Tom Nielsen
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html