VARIoT IoT vulnerabilities database

VAR-200402-0070 | CVE-2004-1082 | Apache mod_digest client-supplied nonce verification vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. Patches have been released for the Apache mod_digest module to include digest replay protection. The module reportedly did not adequately verify client-supplied nonces against the server-issued nonce. This could permit a remote attacker to replay the response of another website or section of the same website under some circumstances.
It should be noted that this issue does not exist in the mod_auth_digest module. Apache is a popular Web server program. A remote attacker could exploit this vulnerability to replay responses captured from other sites. This vulnerability is only exploitable when the user has the same username and password on the attacker-controlled site and on the target server, and the realm name is also the same; this situation is relatively rare.
VAR-200508-0300 | CVE-2005-2506 | Mac OS X CoreFoundation Algorithm complexity vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HIToolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue.
Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue.
MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues.
ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue.
servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues.
traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue.
WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue.
X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue.
zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
VAR-200403-0020 | CVE-2004-0085 | Apple Mac OS X unspecified vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. Apple Mac OS X contains an unspecified vulnerability. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular Web server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access.
VAR-200308-0206 | CVE-2003-0567 | Cisco IOS Interface Blocked by IPv4 Packet |
Related entries in the VARIoT exploits database: VAR-E-200307-0193, VAR-E-200307-0192, VAR-E-200307-0191 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. A denial of service vulnerability has been reported to exist in all hardware platforms that run Cisco IOS versions 11.x through 12.x. This issue may be triggered by a sequence of specifically crafted IPv4 packets. A power cycle of an affected device is required to regain normal functionality. Many Cisco devices run IOS. The attack does not trigger any alarms, nor does the router automatically reload. An attacker can repeatedly attack all interfaces of the Cisco device, making the router inaccessible remotely. Links: http://www.cert.org/advisories/CA-2003-15.html http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
VAR-200307-0052 | No CVE | Deutsche Telekom Teledat DSL Router Port Scanning Remote Denial of Service Attack Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Teledat DSL Router is an ADSL router from Deutsche Telekom. The Teledat DSL Router does not properly handle port scanning, and remote attackers can exploit this vulnerability to perform a denial of service attack on the router. Scanning the Teledat DSL Router with the Symantec security scanner can cause the router to crash and require a reboot to restore normal service. Because of this, an attacker may be able to deny service to legitimate users.
VAR-200307-0053 | No CVE | Asus AAM6000EV ADSL Router Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Asus AAM6000EV is an ADSL router. Files on the Asus AAM6000EV ADSL router that contain sensitive information can be accessed directly, and intranet users can use this vulnerability to obtain username and password information. If the Web server embedded in the Asus AAM6000EV ADSL router is enabled, users on any local network can obtain plain text username and password information by accessing the /userdata file. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information.
VAR-200307-0051 | No CVE | Cisco Catalyst Non-Standard TCP Tag Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Catalyst is a family of business-grade switches distributed and maintained by Cisco. Cisco Catalyst does not properly handle non-standard TCP packet communication. A remote attacker can exploit this vulnerability to perform a denial of service attack on the switch device, causing legitimate users to fail to communicate properly. When a TCP connection is initiated using one of eight non-standard TCP flag combinations, the Catalyst switch stops responding normally over TCP for some services. To restore the functionality of these services, the switch must be restarted. These standard services, including HTTP, Telnet, and SSH, are not affected by this vulnerability, including console communications. The Cisco bug ID is CSCdw52219. Because of this, an attacker may be able to deny legitimate user access to the switch.
VAR-200308-0081 | CVE-2003-0518 | Apple Mac OS X Screen saver password prompt buffer overflow vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. Apple Mac OS X has a screen saver, entitled Screen Effects, with a password feature. Mac OS X is an operating system used on Mac machines, based on the BSD system.
VAR-200307-0050 | No CVE | Ezbounce remote format string processing vulnerability |
CVSS V2: - CVSS V3: - Severity: LOW |
Ezbounce is an IRC proxy server. Ezbounce has a format string processing problem. A remote attacker can use this vulnerability to submit a malicious format string, which may execute arbitrary commands on the system with the privileges of the ezbounce process. The problem exists in the "ezbounce/commands.cpp" file. When the program has session support enabled, an attacker who submits a "sessions" command containing a malicious format string can corrupt sensitive data in the process memory, allowing arbitrary commands to be executed on the system with the privileges of the ezbounce process. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit this vulnerability, the attacker must have valid credentials. This flaw may be of use to attackers who have proxy access but no privileges on the underlying host.
VAR-200308-0090 | CVE-2003-0458 | HP NonStop SeeView Server Gateway Privilege escalation vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. Successful exploitation of this vulnerability could potentially allow an attacker to gain privileged access to the system and thus carry out further attacks. Local attackers can use this vulnerability to perform privilege escalation attacks on the system. No detailed vulnerability details are currently available.
VAR-200306-0130 | No CVE | OptiSwitch 400/800 Unauthorized Remote Access Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OptiSwitch 400 and 800 Series are switches developed by MRV Communications. There is a problem with how the OptiSwitch 400 and 800 series initialize connections, which can be exploited by remote attackers to access the switch without a password. When a remote user connects to the device via telnet or the console and enters a special keystroke sequence, the switch grants access with root privileges without authorization. A vulnerability has been reported for the OptiSwitch device which could allow an attacker to gain unauthorized remote access.
When the sequence is processed, remote access will be granted to the attacker.
*** The vendor has responded and has reported that the vulnerability does not in fact exist.
VAR-200308-0037 | CVE-2003-0489 | tcptraceroute failure to drop root privileges vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. This condition is not currently known to be exploitable; however, it could potentially allow for local privilege escalation. tcptraceroute is a traceroute implementation using TCP packets. A local attacker can exploit this vulnerability to potentially execute arbitrary commands on the system with root process privileges. No detailed vulnerability details are currently available.
VAR-200308-0086 | CVE-2003-0453 | Traceroute-Nanog Integer Overflow Memory Corruption Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. An integer overflow vulnerability has been reported for Traceroute-Nanog. It has been reported that when processing certain max_ttl and nprobes values from a traceroute invocation, some functions or utilities may fail to sufficiently handle the size of data returned.
Because an attacker can control arbitrary memory corruption, although conjectured and unconfirmed, an attacker might exploit this condition to execute arbitrary instructions with elevated privileges.
It should be noted that this vulnerability might only affect the Debian implementation of Traceroute-Nanog. There is a vulnerability in traceroute-nanog version 6.1.1.
VAR-200306-0131 | No CVE | Avaya Cajun Network Switch Connection Delay Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Avaya Cajun offers a multiservice network switch system solution. Avaya Cajun switches do not properly handle abnormal communication on port 4000, which can be exploited by remote attackers to stall the switch for a period of time. By connecting to port 4000 on the switch and sending a packet longer than 5 bytes whose first 4 bytes represent a negative number, an attacker can cause the switch to stall for a period of time. Multiple such packets can cause the switch to stop working, resulting in a denial of service. Because of this, an attacker may be able to cause the switch to stall for a period of time.
VAR-200306-0081 | CVE-2003-0316 | Venturi Client Open Agent Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
VAR-200306-0041 | CVE-2003-0420 | Apache Portable Runtime contains heap buffer overflow in apr_psprintf() |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against the HTTP basic authentication module of an affected server. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability details are currently available.
VAR-200307-0024 | CVE-2003-0367 | gzip znew command insecure temporary file creation vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. Because of this, a local attacker may be able to launch a symbolic link attack against sensitive files. GNU Gzip is a compression/decompression program of the GNU Project. znew in the gzip package has an input validation error vulnerability. The vulnerability stems from the failure of the product to properly validate the input data.
VAR-200307-0002 | CVE-2003-0419 | SMC Wireless Router Malformed PPTP Packet Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface. A vulnerability has been discovered in the SMC SMC7004VWBR wireless router. The problem is said to occur while processing a sequence of malformed PPTP packets received via the local interface. Successful exploitation of this vulnerability will result in the router no longer responding to internal wireless traffic. The SMC7004VWBR does not correctly process malformed PPTP packets. Remote attackers can use this vulnerability to conduct denial of service attacks on the device and prevent legitimate users from accessing network resources. By default, the router listens on TCP port 1723. An attacker who connects to the target network through an 802.11b wireless network interface card and sends a series of malformed PPTP data can cause the router to stop responding, so that legitimate users cannot access network resources.
VAR-200306-0072 | CVE-2003-0305 | Cisco IOS Service Assurance Agent (SAA) Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
VAR-200306-0082 | CVE-2003-0318 | PHP-Nuke Cross-site scripting (XSS) Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. PHP-Nuke is prone to a cross-site scripting vulnerability.