VARIoT IoT vulnerabilities database

VAR-200803-0059 | CVE-2008-1263 | Linksys WRT54G router vulnerability that exposes sensitive information |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. Linksys WRT54G Router is prone to an information disclosure vulnerability
VAR-200803-0060 | CVE-2008-1264 | Linksys WRT54G router vulnerability allowing access to sensitive files such as nvram.cfg |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. Linksys WRT54G Router is prone to a remote security vulnerability
VAR-200803-0061 | CVE-2008-1265 | Linksys WRT54G router denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. Linksys WRT54G Router is prone to a denial-of-service vulnerability
VAR-200803-0064 | CVE-2008-1268 | Linksys WRT54G 7 router FTP server session establishment vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. WRT54G v1.0 is prone to a remote security vulnerability
VAR-200803-0063 | CVE-2008-1267 | Siemens SpeedStream 'basehelp_English.htm' HTTP Request Remote Denial Of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. Siemens SpeedStream 6520 is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests. The basehelp_English.htm has a large integer in the content-length section.
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
Siemens SpeedStream 6520 HTTP Request Processing Denial of Service
SECUNIA ADVISORY ID:
SA29325
VERIFY ADVISORY:
http://secunia.com/advisories/29325/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
Siemens SpeedStream 6520
http://secunia.com/product/18085/
DESCRIPTION:
laurent has reported a vulnerability in Siemens SpeedStream 6520,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error when processing HTTP
requests containing an overly large "Content-Length" header. This can
be exploited to cause the web service to crash via e.g. a specially
crafted HTTP POST request.
SOLUTION:
Restrict network access to the web service.
PROVIDED AND/OR DISCOVERED BY:
laurent
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200803-0332 | CVE-2008-1160 | ZyXEL ZyWALL Privilege Acquisition Vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra daemon processes. The device fails to change the default password when a legitimate user sets a new password.
Attackers can use this default password to gain unauthorized access to the device. By gaining administrative access to Quagga or Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. The attacker may also be able to exploit latent vulnerabilities in the daemon itself.
ZyWALL 1050 is vulnerable; other devices may also be affected.
----------------------------------------------------------------------
TITLE:
ZyXEL ZyWALL 1050 Undocumented Account Security Issue
SECUNIA ADVISORY ID:
SA29237
VERIFY ADVISORY:
http://secunia.com/advisories/29237/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From local network
OPERATING SYSTEM:
ZyXEL ZyWALL Series
http://secunia.com/product/147/
DESCRIPTION:
Pranav Joshi has reported a security issue in ZyXEL ZyWALL 1050,
which can be exploited by malicious people to bypass certain security
restrictions. This can be
exploited to gain access to the quagga daemon (TCP ports 2601, 2602,
and 2604) and e.g. view and manipulate routing information.
The security issue is reported in ZyXEL ZyWALL 1050.
SOLUTION:
Restrict network access to the affected services.
PROVIDED AND/OR DISCOVERED BY:
Pranav Joshi
----------------------------------------------------------------------
VAR-200803-0282 | CVE-2008-0307 | SAP MaxDB vserver integer signedness error vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. SAP MaxDB is prone to a heap-based memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.
This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected.
----------------------------------------------------------------------
TITLE:
MaxDB Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29312
VERIFY ADVISORY:
http://secunia.com/advisories/29312/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious, local users to gain escalated privileges, and
by malicious people to potentially compromise a vulnerable system.
2) An error exists within the "sdbstarter" program when handling
environment variables.
Successful exploitation requires that the attacker is a member of the
"sdba" group.
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
----------------------------------------------------------------------
iDefense Security Advisory 03.10.08
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 10, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open
source from version 7.5 up to version 7.6.00. Later versions are no
longer open source but are available for download from the SAP SDN
website (sdn.sap.com) as a community edition with free community
support for public use beyond the scope of SAP applications. The
"vserver" program is responsible for accepting and handling
communication with remote database clients. For more information, visit
the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II.
After accepting a connection, the "vserver" process forks and reads
parameters from the client into various structures. When doing so, it
trusts values sent from the client to be valid. By sending a specially
crafted request, an attacker can cause heap corruption. This leads to a
potentially exploitable memory corruption condition.
III. In order to exploit this vulnerability, an
attacker must be able to establish a TCP session on port 7210 with the
target host. Additionally, the attacker must know the name of an active
database on the server.
Since this service uses the fork() system call once a connection has
been accepted, an attacker can repeatedly attempt to exploit this
vulnerability. Some exploitation attempts may result in the database
process ceasing to run, in which case further exploitation attempts
will not be possible.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in SAP AG's
MaxDB version 7.6.0.37 on Linux.
V. WORKAROUND
Employing firewalls to limit access to the affected service will
mitigate exposure to this vulnerability.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of
MaxDB. For more information, consult SAP note 1140135.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-0307 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
12/06/2007 Initial vendor notification
12/10/2007 Initial vendor response
03/10/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200803-0062 | CVE-2008-1266 | D-Link DI-524 router web interface buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks.
The D-Link DI-524 router does not properly handle the login request sent to the web interface. collapse.
The D-Link DI-604 router did not properly filter the input passed to the rf parameter in prim.htm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session.
The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
----------------------------------------------------------------------
TITLE:
D-Link DI-524 Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA29366
VERIFY ADVISORY:
http://secunia.com/advisories/29366/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
OPERATING SYSTEM:
D-Link DI-524
http://secunia.com/product/8028/
DESCRIPTION:
laurent has reported two vulnerabilities in D-Link DI-524, which can
be exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
laurent
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0281 | CVE-2008-0306 | SAP MaxDB sdbstarter arbitrary command execution vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200803-0463 |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. SAP MaxDB is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.
This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.
iDefense Security Advisory 03.10.08
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 10, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open
source from version 7.5 up to version 7.6.00. Later versions are no
longer open source but are available for download from the SAP SDN
website (sdn.sap.com) as a community edition with free community
support for public use beyond the scope of SAP applications. The
"sdbstarter" program is set-uid root and installed by default. For more
information, visit the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II. DESCRIPTION
Local exploitation of a design error in the "sdbstarter" program, as
distributed with SAP AG's MaxDB, could allow attackers to elevate
privileges to root.
This vulnerability exists due to a design error in the handling of
certain environment variables. These variables are used to specify the
configuration settings to be used by various MaxDB components.
III. To exploit this vulnerability, an attacker must be able to
execute the "sdbstarter" program. In a default installation, this
requires that the attacker be a member of the "sdba" group.
It is important to note that this vulnerability is not architecture
dependent.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in SAP AG's
MaxDB version 7.6.0.37 on both Linux and Solaris. Windows releases do
not include the "sdbstarter" program.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of
MaxDB. For more information, consult SAP note 1140135.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-0306 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
12/05/2007 Initial vendor notification
12/06/2007 Initial vendor response
03/10/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was discovered by Joshua J. Drake of VeriSign
iDefense Labs.
----------------------------------------------------------------------
TITLE:
MaxDB Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29312
VERIFY ADVISORY:
http://secunia.com/advisories/29312/
CRITICAL:
Highly critical
IMPACT:
Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious, local users to gain escalated privileges, and
by malicious people to potentially compromise a vulnerable system.
1) A signedness error within the "vserver" component can be exploited
to cause a heap corruption via a specially crafted packet sent to the
port, which "vserver" is listening on (port 7210/TCP by default).
PROVIDED AND/OR DISCOVERED BY:
An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
----------------------------------------------------------------------
VAR-200803-0165 | CVE-2008-1242 | Belkin F5D7230-4 router control panel authentication bypass vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.
Attackers can exploit this issue to gain access to affected routers using the account of a previously authenticated user.
Belkin F5D7230-4 running firmware 9.01.10 is vulnerable; other devices and firmware versions may also be affected.
----------------------------------------------------------------------
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe. This can be exploited to perform restricted
administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data. This can be exploited to deny further
administrative access to an affected device via a specially crafted
HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0065 | CVE-2008-1269 | Alice Gate 2 Plus Wi-Fi router admin panel vulnerability that allows Wi-Fi encryption to be disabled |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. Alice Gate2 Plus Wi-Fi is prone to a remote security vulnerability
VAR-200803-0457 | CVE-2008-1471 | Panda Internet Security and other products cpoint.sys driver denial-of-service (DoS) vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests.
----------------------------------------------------------------------
TITLE:
Panda Products cpoint.sys Privilege Escalation Vulnerabilities
SECUNIA ADVISORY ID:
SA29311
VERIFY ADVISORY:
http://secunia.com/advisories/29311/
CRITICAL:
Less critical
IMPACT:
Privilege escalation, DoS
WHERE:
Local system
SOFTWARE:
Panda Internet Security 2008
http://secunia.com/product/17681/
Panda Antivirus + Firewall 2008
http://secunia.com/product/17905/
DESCRIPTION:
Tobias Klein has reported some vulnerabilities in Panda products,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain escalated privileges.
Input validation errors in the cpoint.sys driver when handling
certain IOCTL requests (e.g.
The vulnerabilities affect the following products:
* Panda Internet Security 2008
* Panda Antivirus + Firewall 2008
SOLUTION:
Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe
PROVIDED AND/OR DISCOVERED BY:
Tobias Klein
ORIGINAL ADVISORY:
Panda:
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp
http://www.trapkit.de/advisories/TKADV2008-001.txt
----------------------------------------------------------------------
VAR-200803-0187 | CVE-2008-1207 | Fujitsu Interstage Smart Repository denial-of-service (DoS) vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value. The Smart Repository in Fujitsu Interstage products contains vulnerabilities that can lead to a service disruption (daemon crash), which a third party may be able to trigger.
Remote attackers can exploit these issues to deny service to legitimate users.
Currently, very little is known about these issues. We will update this BID as more information emerges.
----------------------------------------------------------------------
TITLE:
Fujitsu Interstage Smart Repository Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA29250
VERIFY ADVISORY:
http://secunia.com/advisories/29250/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
SOFTWARE:
Interstage Job Workload Server 8.x
http://secunia.com/product/13686/
Interstage Apworks 8.x
http://secunia.com/product/15987/
Interstage Apworks 7.x
http://secunia.com/product/13689/
Interstage Application Server 8.x
http://secunia.com/product/13685/
Interstage Application Server 7.x
http://secunia.com/product/13692/
Interstage Business Application Server 8.x
http://secunia.com/product/13687/
DESCRIPTION:
Some vulnerabilities have been reported in various Fujitsu products,
which can be exploited by malicious people to cause a DoS (Denial of
Service). sending incorrect requests or sending overly large
data.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Please see the vendor's advisory for patch details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html
----------------------------------------------------------------------
VAR-200803-0188 | CVE-2008-1208 | Check Point VPN-1 UTM Edge W Embedded NGX login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The issue affects Check Point VPN-1 UTM Edge firmware 7.0.48x.
----------------------------------------------------------------------
Input passed to the "user" parameter in the login page is not
properly sanitised before being returned to the user. Other versions may also be affected.
SOLUTION:
Update to firmware version 7.5.48.
PROVIDED AND/OR DISCOVERED BY:
Henri Lindberg, Louhi Networks
ORIGINAL ADVISORY:
http://www.louhi.fi/advisory/checkpoint_080306.txt
----------------------------------------------------------------------
VAR-200803-0001 | CVE-2007-6702 | Rooter VDSL Device goform/QuickStart_c0 Password acquisition vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. GoAhead WebServer is prone to a remote security vulnerability. GoAhead WebServer is a compact embedded web server from the American company Embedthis, designed to be embedded in various devices and applications.
VAR-200803-0511 | No CVE | Livebox TP Router Remote Overflow Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Livebox TP is a broadband router widely used in Poland. The Livebox TP has an input validation vulnerability when processing malformed user requests, and a remote attacker could exploit this vulnerability to control the server. The ADI Convergence Galaxy FTP server embedded in the Livebox TP does not properly validate user input parameters. If a remote attacker sends a specially crafted message to the router's FTP service, it may trigger a buffer overflow, causing the service to crash.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.
----------------------------------------------------------------------
TITLE:
Livebox TP Router ADI Convergence Galaxy FTP Server Denial of Service
SECUNIA ADVISORY ID:
SA29199
VERIFY ADVISORY:
http://secunia.com/advisories/29199/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Livebox TP Router
http://secunia.com/product/17862/
DESCRIPTION:
0in has reported a vulnerability in Livebox TP routers, which can be
exploited by malicious people to cause a DoS (Denial of Service). Other versions may also be
affected.
SOLUTION:
Restrict network access to the FTP service.
PROVIDED AND/OR DISCOVERED BY:
0in
----------------------------------------------------------------------
VAR-200803-0167 | CVE-2008-1244 | Belkin F5D7230-4 router cgi-bin/setup_dns.exe unauthenticated administrative operations vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. Because cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router does not require authentication, a third party may perform management operations. The Belkin F5D7230-4 Wireless G Router is prone to a vulnerability because of a lack of authentication when users access 'cgi-bin/setup_dns.exe'.
Attackers can exploit this issue to perform administrative functions without authorization. Belkin Wireless G Router is a home wireless router produced by Belkin Corporation of the United States.
----------------------------------------------------------------------
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
1) An error in the implementation of authenticated sessions can be
exploited to gain access to the router's control panel by
establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data. This can be exploited to deny further
administrative access to an affected device via a specially crafted
HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0168 | CVE-2008-1245 | Belkin F5D7230-4 router cgi-bin/setup_virtualserver.exe service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. The Belkin F5D7230-4 Wireless G Router is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to deny access to the device's control center for legitimate users.
Belkin F5D7230-4 running firmware 9.01.10 is vulnerable; other devices and firmware versions may also be affected.
----------------------------------------------------------------------
TITLE:
Belkin Wireless G Router Security Bypass and Denial of Service
SECUNIA ADVISORY ID:
SA29345
VERIFY ADVISORY:
http://secunia.com/advisories/29345/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Some security issues and a vulnerability have been reported in the
Belkin Wireless G Router, which can be exploited by malicious people
to bypass certain security restrictions or cause a DoS (Denial of
Service).
1) An error in the implementation of authenticated sessions can be
exploited to gain access to the router's control panel by
establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in
cgi-bin/setup_dns.exe. This can be exploited to perform restricted
administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when
processing HTTP POST data.
The security issues and the vulnerability are reported in model
F5D7230-4, firmware version 9.01.10.
SOLUTION:
Restrict network access to the router's web interface.
PROVIDED AND/OR DISCOVERED BY:
loftgaia
ORIGINAL ADVISORY:
http://www.gnucitizen.org/projects/router-hacking-challenge/
----------------------------------------------------------------------
VAR-200803-0353 | CVE-2008-1181 | Juniper Networks Secure Access 2000 sensitive information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability.
Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks.
Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected. The request will display the path in the "Execution Failed" error message.
VAR-200803-0352 | CVE-2008-1180 | Juniper Networks Secure Access 2000 Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Juniper Networks Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
Input passed to the "delivery_mode" parameter in
dana-na/auth/rdremediate.cgi is not properly sanitised before being
returned to the user.
The vulnerability is reported in version 5.5R1 (build 11711). Other
versions may also be affected.
SOLUTION:
The vulnerability is reportedly fixed in version 5.5R3.
PROVIDED AND/OR DISCOVERED BY:
Richard Brain, ProCheckUp Ltd
ORIGINAL ADVISORY:
http://www.procheckup.com/Vulnerability_PR07-41.php
----------------------------------------------------------------------