VARIoT IoT vulnerabilities database

VAR-200312-0216 CVE-2003-0824 Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. This issue could be exploited to deny availability of CPU resources on the system, potentially causing a denial of service condition
VAR-200312-0215 CVE-2003-0822 Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. It is possible to trigger this condition with a chunked-encoded HTTP POST request
VAR-200312-0266 CVE-2003-0913 Apple Mac OS X Terminal unauthorized access vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access". The precise technical details regarding this issue are currently unknown; however, it is believed that a local user may exploit a flaw in Terminal to possibly gain elevated privileges. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability information is currently available
VAR-200311-0055 CVE-2003-0883 Mac OS X Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system. Mac OS X is prone to a local security vulnerability
VAR-200311-0054 CVE-2003-0882 Mac OS X Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. Mac OS X versions prior to 10.3 have a bug in initializing TCP timestamps with constants
VAR-200311-0053 CVE-2003-0881 Mac OS X Permission leak vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password. Mail in versions prior to Mac OS X 10.3 is vulnerable
VAR-200311-0052 CVE-2003-0880 Mac OS X Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. Mac OS X prior to 10.3 has an unknown vulnerability
VAR-200311-0050 CVE-2003-0878 Mac OS X slpd daemon Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875. The slpd daemon in Mac OS X prior to 10.3 is vulnerable
VAR-200403-0085 CVE-2003-1011 MacOS X local root User privilege escalation vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell. It has been reported that an attacker with a specific hardware configuration may be capable of gaining root privileges on Mac OS X. The problem is said to occur when a user on a system with a USB keyboard holds a specific key sequence down for an unspecified length of time. This is said to effectively crash the init process and drop the user into a shell with root privileges. Mac OS X is an operating system used on Mac machines, based on the BSD system
VAR-200311-0057 CVE-2003-0895 MacOS X Extra long Argv Value Kernel Buffer Overflow Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]). A buffer overrun has been discovered in the Mac OS X kernel when handling large argv values passed via the command line. The precise details regarding this condition are currently unknown; however, the problem likely occurs due to insufficient bounds checking when handling user-supplied data. It has been confirmed that this condition can be exploited to cause a target kernel to crash. Mac OS X is an operating system used on Mac machines, based on the BSD system. By specifying extremely long command-line arguments, a local attacker could cause a Mac OS X kernel panic. The total argument length that can trigger this condition falls within a small range. When this problem occurs, the operating system crashes immediately, not allowing the user to perform any operations. No logs are produced, nor are there any kernel panic messages. The system will automatically restart after a few minutes. This vulnerability can also be used to dump a small amount of kernel memory information to the attacker, but according to @stake's investigation, only the memory address will be returned to the user, and it generally does not contain sensitive information
VAR-200311-0044 CVE-2003-0871 Apple Mac OS X 10.3 unknown Apple Quicktime Java Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system". No detailed vulnerability information is currently available
VAR-200311-0048 CVE-2003-0876 Apple Mac OS X Unsafe file permissions vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. These issues may cumulatively allow an attacker to cause denial of service, arbitrary code execution, privilege escalation and unauthorized access. There are multiple instances in Apple Mac OS X where files are installed or created with insecure or inappropriate permissions. This could permit local attackers to modify sensitive files or potentially even replace binaries, which could then be executed by another user. Mac OS X is an operating system used on Mac machines, based on the BSD system. The same happens when dragging a folder into a mounted DMG. This reset only occurs on directories, not file permissions. Because these directories contain applications, an attacker can overwrite any application with a Trojan horse. When executed by other high-privilege users, it will lead to privilege escalation. World-writable files include: application and supporting executables, directories, shared objects, configuration files, and HTML and JavaScript. These files mostly exist in the following directories: /Applications, /Library/Application Support, /Library/StartupItems
VAR-200311-0049 CVE-2003-0877 Apple Mac OS X Core File Symbolic Link Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory. Because of this, a local attacker may be able to overwrite arbitrary root-owned files. Apple Mac OS X 10.3 (Panther) has been released to address multiple new and previously known vulnerabilities. These issues may cumulatively allow an attacker to cause denial of service, arbitrary code execution, privilege escalation and unauthorized access. The core file is named core.PID(*), is owned by root, and has its permissions set to 0400. Since /cores is globally writable by default, and the name of the core file is predictable, an attacker can establish a symbolic link that points to an important system file. When an application generates a core file, the system file will be overwritten, which may elevate privileges or cause denial of service
VAR-200310-0017 CVE-2003-1150 Novell PMAP.NLM Remote buffer overflow vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. Novell has reported that the PMAP.NLM component of NetWare/ZenWorks is prone to a buffer overrun vulnerability
VAR-200312-0259 CVE-2003-0948 IWConfig Local ARG Command Line Buffer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable. A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. iwconfig has a buffer overflow vulnerability
VAR-200312-0293 CVE-2003-1515 Origo ADSL Router Remote Management Interface Configuration Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults. A problem has been identified in some Origo ADSL routers. Due to insufficient access control, it may be possible for a remote user to gain unauthorized administrative access to routers, potentially resulting in a denial of service. Origo ADSL includes a telnet-based configuration interface on the WAN interface, listening on port 254, and does not set any password authentication
VAR-200310-0032 CVE-2003-0731 CiscoWorks Common Management Foundation (CMF) Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. Vulnerabilities exist in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier versions
VAR-200310-0033 CVE-2003-0732 CiscoWorks Common Management Foundation (CMF) Boost privilege vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. Vulnerabilities exist in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier versions
VAR-200312-0453 CVE-2003-1504 GoldLink Cookie SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences
VAR-200312-0304 CVE-2003-1526 PHP-Nuke Search field path leak vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. PHP-Nuke is prone to a path disclosure vulnerability. Path information will be displayed in error output when invalid input is supplied in search fields. This issue may be related to a number of previously reported vulnerabilities in PHP-Nuke. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. PHP-Nuke does not properly handle search requests submitted by users. Attackers can use this information to carry out further attacks on the system