VARIoT IoT vulnerabilities database

VAR-200710-0498 | CVE-2007-5539 | Cisco Unified ICME privilege escalation vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686. Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability.
Attackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool.
Attackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks. Vulnerabilities in the Cisco Unified ICME, Unified ICMH, UCCE, UCCH, and SUCCE Web Administration components of CUCM products allow users defined in any Windows Active Directory domain to gain unauthorized privilege levels, which lets Windows Active Directory users view arbitrary call report information in Central Web View.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,700 different Windows applications.
The vulnerability is caused by an unspecified error and can be
exploited by Windows Active Directory users to e.g.
http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
CHANGELOG:
2007-10-18: Added CVE reference.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200710-0328 | CVE-2007-5570 | Cisco FWSM denial of service (DoS) vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. Cisco Firewall Services Module (FWSM) is prone to multiple denial-of-service vulnerabilities and a vulnerability that could let attackers corrupt ACLs (access control lists).
Three vulnerabilities were reported in total:
1. Specially crafted HTTPS requests may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
2. Specially crafted MGCP packets may cause the FWSM to reload. If exploited repeatedly, this could cause a persistent denial of service.
3. Manipulating Access Control Entries (ACE) in the ACL via the command line or ASDM (Adaptive Security Device Manager) may inadvertently cause them not to be evaluated. This corrupts the ACL. Cisco FWSM is a firewall service module for Cisco equipment. For the HTTPS issue, the source IP address and interface from which HTTPS requests are received must match those configured with the http <source IP> <source interface> command.
----------------------------------------------------------------------
1) An unspecified error exists within the handling of HTTPS packets.
Successful exploitation requires that the HTTPS server is enabled
(disabled by default).
2) An unspecified error exists within the handling of Media Gateway
Control Protocol (MGCP) packets.
Successful exploitation requires that the MGCP application layer
protocol inspection is enabled (disabled by default).
NOTE: An error when loading manipulated ACLs (Access Control Lists)
is also reported.
SOLUTION:
Update to a fixed version (please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml
----------------------------------------------------------------------
VAR-200710-0326 | CVE-2007-5568 | Cisco products MGCP packet denial of service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM). (CSCsi90468 and CSCsi00694) A third party may restart the device, placing it in a denial of service (DoS) state.
An attacker can exploit these issues to cause the affected devices to reload, denying service to legitimate users. Repeated attacks will result in a prolonged denial-of-service condition. MGCP messages are transported over the User Datagram Protocol (UDP), which allows specially crafted MGCP messages to be sent from spoofed addresses. Only MGCP for gateway applications (MGCP communication on UDP port 2427) is affected.
----------------------------------------------------------------------
1) An unspecified error exists within the handling of HTTPS packets.
This can be exploited to reboot an affected FWSM by sending specially
crafted HTTPS packets.
Successful exploitation requires that the HTTPS server is enabled
(disabled by default).
The vulnerability is reported in versions 3.1 and 3.2.
2) An unspecified error exists within the handling of Media Gateway
Control Protocol (MGCP) packets. This can be exploited to reboot the
FWSM by sending specially crafted MGCP packets.
Successful exploitation requires that the MGCP application layer
protocol inspection is enabled (disabled by default).
The vulnerability is reported in version 3.1.
NOTE: An error when loading manipulated ACLs (Access Control Lists)
is also reported.
SOLUTION:
Update to a fixed version (please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml
----------------------------------------------------------------------
VAR-200710-0644 | CVE-2007-5476 | Adobe Flash Player may load arbitrary, malformed cross-domain policy files |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains.
Very few technical details are currently available. We will update this BID as more information emerges.
I.
The update addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
Produced 2007 by US-CERT, a government organization.
Revision History
December 18, 2007: Initial release
3) An error exists when pinning a hostname to an IP address.
This can be exploited to bypass certain security restrictions on web
servers hosting cross-domain policy files.
5) Input passed to unspecified parameters when handling the
"asfunction:" protocol is not properly sanitised before being
returned to the user. This can be exploited to inject arbitrary HTML
and script code in a user's browser session in context of an affected
site.
6) Input passed to unspecified parameters when calling the
"navigateToURL" function is not properly sanitised before being
returned to the user. This can be exploited to inject arbitrary HTML
and script code in a user's browser session in context of an affected
site.
7) An unspecified error can be exploited to modify HTTP headers and
conduct HTTP request splitting attacks.
8) An error within the implementation of the Socket or XMLSocket
ActionScript classes can be exploited to determine if a port on a
remote host is opened or closed.
9) An error within the setting of memory permissions in Adobe Flash
Player for Linux can be exploited by malicious, local users to gain
escalated privileges.
For more information see vulnerability #3 in:
SA27277
The vulnerabilities are reported in versions prior to 9.0.115.0.
3) The vendor credits Dan Boneh, Adam Barth, Andrew Bortz, Collin
Jackson, and Weidong Shao of Stanford University, and
JPCERT/CC.
6) The vendor credits Collin Jackson and Adam Barth of Stanford
University.
9) The vendor credits Jesse Michael and Thomas Biege of SUSE.
-- SPARC Platform --
Solaris 10:
Apply patch 125332-03 or later.
OpenSolaris:
Fixed in build snv_89 or later.
-- x86 Platform --
Solaris 10:
Apply patch 125333-03 or later.
OpenSolaris:
Fixed in build snv_89 or later.
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist in the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
13) The vendor credits Xeno Kovah, originally reported in Mac OS X
10.5 by heise Security.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
----------------------------------------------------------------------
VAR-200710-0473 | CVE-2007-5562 | Netgear SSL312 PROSAFE SSL VPN-Concentrator cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. NETGEAR ProSafe SSL VPN Concentrator 25-SSL312 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
----------------------------------------------------------------------
TITLE:
Netgear SSL312 "err" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA27238
VERIFY ADVISORY:
http://secunia.com/advisories/27238/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Netgear SSL312
http://secunia.com/product/16173/
DESCRIPTION:
SkyOut has reported a vulnerability in Netgear SSL312, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "err" parameter in e.g. cgi-bin/welcome/XYZ is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
SOLUTION:
Filter malicious characters and character sequences in a web proxy.
Do not follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
SkyOut
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066633.html
----------------------------------------------------------------------
VAR-200710-0417 | CVE-2007-5482 | Sun StorEdge/StorageTek 3510 FC Array FTP service denial of service (DoS) vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors. Remote attackers may exploit this issue to deny service to legitimate users.
Sun StorEdge 3510 FC Array with firmware version 4.21 is affected. If the above vulnerability is present, hosts requesting I/O services from the affected array may report I/O request timeouts and eventually go offline from the array, and a message similar to the following may appear in the array event log: Tue Jan 24 14:03: 06 2007 [Primary] Warning Memory Not Sufficient to Fully Support Current Config ...
----------------------------------------------------------------------
Successful exploitation requires that the attacker has access to the
management network to which the array's management Ethernet interface
is connected.
The vulnerability is reported in firmware versions prior to 4.21.
SOLUTION:
Update to firmware 4.21, delivered in patch 113723-18 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103106-1
----------------------------------------------------------------------
VAR-200710-0047 | CVE-2007-5468 | Cisco CallManager vulnerability allowing calls to arbitrary phone numbers and caller ID spoofing |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). CallManager and Openser are prone to a remote unauthorized-access vulnerability that may lead to toll fraud and caller-ID spoofing.
A remote attacker can exploit this issue to initiate unauthorized phone calls and pretend to be a legitimate user. Cisco CallManager does not check that the URI provided by the user in the Digest-Authentication header matches the message's REQUEST-URI, and a malicious user could sniff the Digest-Authentication from a legitimate user and then call arbitrary extensions on behalf of that user.
----------------------------------------------------------------------
TITLE:
Cisco CallManager Authentication Header Hijacking Security Issue
SECUNIA ADVISORY ID:
SA27231
VERIFY ADVISORY:
http://secunia.com/advisories/27231/
CRITICAL:
Less critical
IMPACT:
Hijacking
WHERE:
From local network
SOFTWARE:
Cisco Unified CallManager 5.x
http://secunia.com/product/12535/
DESCRIPTION:
A security issue has been reported in Cisco CallManager, which can be
exploited by malicious people to hijack user sessions.
The security issue is caused due to the improper processing of SIP
messages and can be exploited to make calls from a hijacked account
by requesting a URI containing a sniffed authentication header.
The security issue is reported in Cisco CallManager system version
5.1.1.3000-5 and administration version 1.1.0.0-1. Other versions may
also be affected.
SOLUTION:
Use Cisco CallManager in a trusted network environment only.
PROVIDED AND/OR DISCOVERED BY:
Humberto J. Abdelnur, Radu State, and Olivier Festor
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html
----------------------------------------------------------------------
VAR-200710-0016 | CVE-2007-5381 | Cisco IOS LPD Remote Buffer Overflow Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200710-0265 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. (CSCsj86725) Arbitrary code may be executed. Cisco IOS is prone to a remote buffer-overflow vulnerability in its LPD service because it fails to perform adequate boundary checks on user-supplied data. Attackers could also restart the device, resulting in denial-of-service conditions.
To exploit this issue, an attacker must be able to change the hostname of affected routers. SNMP write access may allow attackers to change the router's hostname.
Versions prior to Cisco IOS 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 are vulnerable.
This issue is being tracked by Cisco bug ID CSCsj86725.
NOTE: This issue is related to the vulnerabilities described in BID 25994 (Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities). Remote attackers may use this vulnerability to control the device or cause it to deny service.
If a connection is made from any source TCP port other than 515, the following error is displayed:
$ telnet 172.30.3.101 515
Trying 172.30.3.101...
Connected to 172.30.3.101 (172.30.3.101).
Escape character is '^]'.
hostname_of_the_router: /usr/lib/lpd: Malformed from address
If the hostname is 99 characters or longer, the buffer overflows because the message is built with a call to sprintf(). Although technically a stack overflow, IOS allocates heap memory for the process stack, so the overwritten memory is actually heap. Because heap memory is used as the stack, an overflowing hostname can overwrite the return address stored before the start of the character buffer; for some reason, however, the crash does not occur until the buffer reaches the red zone at the heap block boundary, so the memory dump taken after the crash and router reboot shows heap corruption.
The hostname must be controlled to exploit this vulnerability. If SNMP is running on the device and the read-write community string is known (usually the default value "private"), the hostname can be set as follows:
$ snmpset -Os -c private -v 1 10.0.0.1 system.sysName.0 s long_hostname
----------------------------------------------------------------------
TITLE:
Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA27169
VERIFY ADVISORY:
http://secunia.com/advisories/27169/
CRITICAL:
Not critical
IMPACT:
DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS 12.x
http://secunia.com/product/182/
DESCRIPTION:
Andy Davis has reported a vulnerability in Cisco IOS, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system. This can be exploited to
cause a stack-based buffer overflow by e.g. connecting to the default
LPD port (515/TCP).
Successful exploitation may allow the execution of arbitrary code but
requires that the LPD daemon is enabled (disabled by default) and that
the attacker can control the hostname of the router.
SOLUTION:
Update to 12.2(18)SXF11, 12.4(16a), or 12.4(2)T6.
PROVIDED AND/OR DISCOVERED BY:
Andy Davis, IRM Plc.
ORIGINAL ADVISORY:
IRM Plc.:
http://www.irmplc.com/index.php/155-Advisory-024
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml
----------------------------------------------------------------------
VAR-200710-0017 | CVE-2007-5382 | CiscoWorks WLSE: privileges can be gained via the conversion utility that converts configuration files |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081.
An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.
This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the conversion, attackers can use these accounts with their default credentials to gain full administrative control over WCS after the conversion.
VAR-200710-0565 | No CVE | Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Cisco IOS is prone to multiple unspecified stack-overflow vulnerabilities.
A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users.
The researchers responsible for these discoveries have stated that there are numerous other IOS security issues that will be released in the near future.
NOTE: Judging by the limited information in the security advisory that induced this alert, we assume that all of Cisco IOS 12.x and IOS XR versions are affected by these issues. We cannot verify this at this time. We will update this information when more details emerge.
VAR-200710-0057 | CVE-2007-5411 | Linksys SPA941 VoIP Phone Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. Linksys SPA941 devices are prone to an HTML-injection vulnerability because the built-in webserver fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Linksys SPA941 devices with firmware version 5.1.8 are vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
Linksys SPA941 Script Insertion Vulnerability
SECUNIA ADVISORY ID:
SA27116
VERIFY ADVISORY:
http://secunia.com/advisories/27116/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Linksys SPA941 VoIP Phone
http://secunia.com/product/14032/
DESCRIPTION:
Radu State has reported a vulnerability in Linksys SPA941, which can
be exploited by malicious people to conduct script insertion
attacks.
Input passed via the "From" field in a SIP message is not properly
sanitised before being displayed in the integrated web interface of
the device.
SOLUTION:
Do not use the call history in the integrated web interface.
PROVIDED AND/OR DISCOVERED BY:
Radu State
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066430.html
----------------------------------------------------------------------
VAR-200710-0145 | CVE-2007-5366 | Multiple Fujitsu Interstage products: vulnerability allowing sensitive information to be obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability.
Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
----------------------------------------------------------------------
TITLE:
Interstage Application Server Full Path Disclosure Weakness
SECUNIA ADVISORY ID:
SA27136
VERIFY ADVISORY:
http://secunia.com/advisories/27136/
CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
From remote
SOFTWARE:
Interstage Application Server 7.x
http://secunia.com/product/13692/
Interstage Application Server 8.x
http://secunia.com/product/13685/
Interstage Application Server 9.x
http://secunia.com/product/15986/
Interstage Apworks 7.x
http://secunia.com/product/13689/
Interstage Apworks 8.x
http://secunia.com/product/15987/
Interstage Studio 8.x
http://secunia.com/product/13690/
Interstage Studio 9.x
http://secunia.com/product/15610/
DESCRIPTION:
A weakness has been reported in Interstage Application Server, which
can be exploited by malicious people to disclose system information.
The weakness is caused due to the full web server path being
disclosed in error messages when performing certain unspecified
actions on the web server.
Please see the vendor advisory for a list of affected products.
SOLUTION:
The vendor will reportedly address this issue in future versions.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
----------------------------------------------------------------------
VAR-200711-0147 | CVE-2007-6003 | Thomson SpeedTouch 716 cgi/b/ic/connect vulnerable to cross-site scripting |
Related entries in the VARIoT exploits database: VAR-E-200710-0094 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues.
Successful exploits of many of these issues will allow an attacker to completely compromise the affected device.
These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers.
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Input passed to the "url" parameter in /cgi/b/ic/connect/ is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerability is reported in firmware version 5.4.0.14. Other
versions may also be affected.
SOLUTION:
Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
Remco
----------------------------------------------------------------------
VAR-200710-0018 | CVE-2007-5383 | Thomson/Alcatel SpeedTouch 7G router, as used in the BT Home Hub: vulnerability allowing administrator access to the router |
Related entries in the VARIoT exploits database: VAR-E-200710-0094 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers.
Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site scripting, cross-site request forgery, and script injection attacks, or to bypass certain security restrictions.
1) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes.
2) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user's browser session.
3) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user's browser session.
4) Failure to properly filter input to the url parameter of cgi/b/ic/connect/ may result in the execution of arbitrary HTML and script code in the user's browser session.
5) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed.
6) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication.
7) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account.
Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: the '/' (slash) vectors are covered by CVE-2007-5383.
VAR-200710-0019 | CVE-2007-5384 | Thomson/Alcatel SpeedTouch 7G router, as used in the BT Home Hub: cross-site request forgery vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200710-0094 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues.
Successful exploits of many of these issues will allow an attacker to completely compromise the affected device.
These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers.
VAR-200710-0020 | CVE-2007-5385 | Thomson/Alcatel SpeedTouch 7G router, as used in the BT Home Hub and other products: cross-site scripting vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200710-0094 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Successful exploits of many of these issues will allow an attacker to completely compromise the affected device.
VAR-200710-0194 | CVE-2007-5214 | AXIS 2100 Network Camera Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. The affected vectors are (1) the PATH_INFO of the default URI associated with a directory, (2) parameters related to saved settings, and (3) the query string to ServerManager.srv. The AXIS 2100 Network Camera is prone to a cross-site scripting vulnerability; the ServerManager.srv query string is displayed on the logs page.
VAR-200710-0192 | CVE-2007-5212 | AXIS 2100 Network Camera Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected.
VAR-200710-0193 | CVE-2007-5213 | AXIS 2100 Network Camera Vulnerable to cross-site scripting |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. The AXIS 2100 Network Camera contains a cross-site scripting vulnerability. An action could be taken by a third party as an administrator. Axis Communications 2100 Network Camera is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, multiple HTML-injection issues, and a cross-site request-forgery issue, because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected.
VAR-200710-0282 | CVE-2007-5143 | F-Secure Anti-Virus Vulnerable to virus scanning |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus. F-Secure Anti-Virus for Windows Servers is prone to a vulnerability that may allow certain malware to bypass detection.
An attacker may exploit this issue by placing maliciously crafted archives or packed executables in specific locations on a victim's computer.
Successful exploits will allow attackers to place on the computer malicious code that the antivirus application will fail to detect. If this code is subsequently run, this may result in a malware infection.
F-Secure Anti-Virus for Windows Servers 7.0 is affected by this issue.
----------------------------------------------------------------------
TITLE:
F-Secure Archives and Packed Executables Detection Bypass
SECUNIA ADVISORY ID:
SA26948
VERIFY ADVISORY:
http://secunia.com/advisories/26948/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
F-Secure Anti-Virus for Windows Servers 7.x
http://secunia.com/product/14382/
DESCRIPTION:
A vulnerability has been reported in F-Secure Anti-Virus, which can
be exploited by malware to bypass the scanning functionality.
The vulnerability only affects 64-bit server platforms.
SOLUTION:
Apply patch.
ftp://ftp.f-secure.com/support/hotfix/fsav/fsav720-01-signed.fsfix
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mr Papadorotheoun.
ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2007-6.shtml
----------------------------------------------------------------------