VARIoT IoT vulnerabilities database


VAR-201308-0251 CVE-2013-4114 Nagstamon Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. Nagstamon is a Nagios status monitor. The sensitive information can be recovered from the plaintext Base64 data in the HTTP Basic authentication header. A remote attacker can exploit the vulnerability to obtain sensitive information such as authentication credentials. Nagstamon is prone to an information-disclosure vulnerability. Versions prior to Nagstamon 0.9.10 are vulnerable.

Gentoo Linux Security Advisory GLSA 201401-03
http://security.gentoo.org/

Severity: High
Title: Nagstamon: Information disclosure
Date: January 06, 2014
Bugs: #476538
ID: 201401-03

Synopsis
========
A vulnerability in Nagstamon could expose user credentials to a remote attacker.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Nagstamon users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-analyzer/nagstamon-0.9.11_rc1"

References
==========
[ 1 ] CVE-2013-4114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-03.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201307-0550 No CVE 3S Vision N1072/N1073/N3071 Network Cameras Hardcoded Credentials Security Bypass Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
3S Vision is a camera device. 3S N1072, N1073 and N3071 are all network cameras from Taiwan 3S. A security bypass vulnerability exists in 3S Vision N1072, N1073, N3071 Network Cameras, which originates from the use of hard-coded credentials in the program. An attacker could use this vulnerability to gain administrator access to the affected device. The following versions are vulnerable: N1072 network camera running firmware version 1.07_STD-1, N1073 network camera running firmware version 1.02_STD-1, and N3071 network camera running firmware version 1.05_STD-1
VAR-201307-0261 CVE-2013-3655 Sharp AQUOS PhotoPlayer HN-PP150 Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data. AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS). Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Network functions may be disabled by a remote attacker. Sharp AQUOS PhotoPlayer HN-PP150 is a picture printing and playback device. A remote attacker could exploit this vulnerability to crash an application and deny service to legitimate users. Sharp AQUOS PhotoPlayer HN-PP150 devices running firmware 1.03.01.04 and earlier are vulnerable. Sharp AQUOS PhotoPlayer HN-PP150 is a photo player product of Sharp Corporation of Japan. This product provides slideshow presentation, photo printing and other functions
VAR-201307-0203 CVE-2013-3418 Denial-of-Service (DoS) Vulnerability in Cisco Unified Communications Domain Manager CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. Cisco Unified Communications Domain Manager is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the device to consume excessive CPU resources, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCud22922. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
VAR-201307-0204 CVE-2013-3419 Cisco Unified MeetingPlace Web Conferencing Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh74981
VAR-201307-0575 No CVE Asante Voyager I and II Network Camera Security Bypass Vulnerabilities CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
Asante Voyager I and Voyager II are network cameras from Asante, USA. A security bypass vulnerability exists in Asante Voyager I and Voyager II Network Cameras, which stems from the program's use of hard-coded credentials. An attacker could use this vulnerability to gain administrator access to the affected device. Voyager I and Voyager II Network Cameras running firmware version 2.08 are vulnerable. Other versions may also be affected
VAR-201307-0540 No CVE ALinking ALC-9451/ALC-9452 Network Camera Security Bypass Vulnerability CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
ALinking ALC-9451 and ALC-9452 Network Cameras are network camera products of Taiwan Alinking Company. There is a security bypass vulnerability in ALinking ALC-9451 and ALC-9452 Network Cameras, which stems from the program's use of hard-coded credentials. An attacker could use this vulnerability to gain administrator access to the affected device. ALC-9451 and ALC-9452 Network Cameras running firmware version 1.33 are vulnerable. Other versions may also be affected
VAR-201307-0479 CVE-2013-4690 Information Disclosure Vulnerability in Junos Running on Juniper Networks SRX1400, SRX3400, and SRX3600 CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001. The vendor has published this vulnerability as PR 829536. It is related to CVE-2003-0001. A third party may obtain sensitive information by reading packet data. Multiple Juniper Gateway Products are prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained will aid in further attacks. Juniper Gateway Products SRX1400, SRX3400, and SRX3600 are vulnerable. Juniper Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK
VAR-201307-0478 CVE-2013-4688 Denial-of-Service (DoS) Vulnerability in flowd in Junos Running on Juniper Networks SRX Devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. The vendor has published this vulnerability as PR 772834. A third party may cause a denial of service (daemon crash) via crafted MSRPC requests. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will result in denial-of-service conditions. Juniper Networks Junos 10.4 is vulnerable; other versions may also be affected. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in flowd (the Flow daemon) in Juniper Junos 10.4 releases prior to 10.4R11 on SRX Series Server Gateway devices
VAR-201307-0477 CVE-2013-4687 Denial-of-Service (DoS) Vulnerabilities in flowd in Junos Running on Juniper Networks SRX Devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593. Juniper Networks Junos is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause the host system to crash, resulting in a denial-of-service condition. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in flowd in Juniper Junos 10.4 prior to 10.4S14, 11.2 and 11.4 prior to 11.4R6-S2, and 12.1 prior to 12.1R6 on SRX Series Server Gateway devices
VAR-201307-0476 CVE-2013-4686 Juniper Junos Kernel Denial-of-Service (DoS) Vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091. Juniper Networks Junos is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause the host system to crash, resulting in a denial-of-service condition. Junos 10.4, 11.4, 11.4X27, 12.1X44, 12.1, 12.2 and 12.3 are vulnerable. The operating system provides a secure programming interface and Junos SDK. There is a denial of service vulnerability in the kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2. The vulnerability stems from the lack of restrictions on the settings of arp-resp and proxy-arp in the VLAN configuration of the program
VAR-201307-0475 CVE-2013-4685 Buffer Overflow Vulnerability in flowd in Junos Running on Juniper Networks SRX Devices CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. The vendor has published this vulnerability as PR 849100. A third party may execute arbitrary code via crafted HTTP requests. Juniper Networks Junos is prone to a remote buffer-overflow vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. The operating system provides a secure programming interface and Junos SDK. A buffer overflow vulnerability exists in flowd (Flow Daemon) in Juniper Junos 10.4 releases prior to 10.4S14, 11.4 releases prior to 11.4R7, 12.1 releases prior to 12.1R6, and 12.1X44 releases prior to 12.1X44-D15 on SRX Series Server Gateway devices
VAR-201307-0474 CVE-2013-4684 Denial-of-Service (DoS) Vulnerability in flowd in Junos Running on Juniper Networks SRX Devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will result in denial-of-service conditions. The operating system provides a secure programming interface and Junos SDK. A denial-of-service vulnerability exists in flowd (Flow Daemon) in Juniper Junos 10.4 releases prior to 10.4S14, 11.4 releases prior to 11.4R8, 12.1 releases prior to 12.1R7, and 12.1X44 releases prior to 12.1X44-D15 on SRX Series Server Gateway devices
VAR-201307-0299 CVE-2013-1132 Cisco Unified Communications Domain Manager Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. The vendor has published this vulnerability as CSCud69972, CSCud70193, and CSCud70261. A third party may inject web script or HTML because of issues with the following pages: (1) IptAccountMgmt page, (2) IptFeatureConfigTemplateMgmt page, (3) IptFeatureDisplayPolicyMgmt page, (4) IptProviderMgmt page. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCud69972, CSCud70193, and CSCud70261. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
VAR-201307-0202 CVE-2013-3416 Cisco Unified Operations Manager and Unified Service Monitor Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. The vendor has published this vulnerability as Bug IDs CSCuh47574 and CSCuh95997. A third party may inject web script or HTML via an unspecified parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco bug IDs CSCuh47574 and CSCuh95997
VAR-201307-0234 CVE-2013-3405 Authentication Bypass Vulnerability in TC Software Running on Cisco TelePresence Endpoints CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071. The vendor has published this vulnerability as Bug ID CSCud96071. A third party may bypass authentication by sending an arbitrary password. Cisco TelePresence TC Software is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain access to vulnerable devices. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCud96071. Cisco TelePresence is Cisco's set of video conferencing solutions, called the "TelePresence" system. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect
VAR-201307-0484 No CVE Rockwell Automation RSLinx Enterprise LogReceiver Service denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. There is an out-of-bounds read error in the RSLinx Enterprise LogReceiver service. When the record size field in a received packet is larger than the amount of data actually received, the service crashes, causing a denial of service
VAR-201307-0485 No CVE Rockwell Automation RSLinx Enterprise LogReceiver Service Integer Overflow Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. The RSLinx Enterprise LogReceiver service does not properly check the record data size field when parsing received packets. A remote attacker can use this vulnerability to submit a specially crafted request to trigger an integer overflow, which can crash the service and cause a denial of service
VAR-201307-0523 No CVE Cisco WebEx One-Click Client Password Encryption Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Cisco WebEx is a set of Web conferencing tools from Cisco in the United States. This tool can assist remote office staff to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing, and enterprise instant messaging (IM). An information disclosure vulnerability exists in the Cisco WebEx One-Click Client. An attacker could use this vulnerability to gain sensitive information, such as stored passwords, which can help launch further attacks
VAR-201308-0079 CVE-2013-3319 Information Disclosure Vulnerability in the GetComputerSystem Method of the HostControl Service in SAP Netweaver

Related entries in the VARIoT exploits database: VAR-E-201307-0007
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. SAP Netweaver is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. SAP Netweaver 7.03 and prior are vulnerable