VARIoT IoT vulnerabilities database

WebTrends software stores account names and passwords in a file which does not have restricted access permissions. Vulnerabilities exist in WebTrends software

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". How this works is as follows: IIS checks the extension of the requested file to see if it needs to do any processing before delivering the information. If the requested extension is not on it's list, it then makes any language-based calculations, and delivers the file. If a single byte is appended to the end of the URL when IIS to set to use one of the double-byte language packs (Chinese, Japanese, or Korean) the language module will strip it as invalid, then look for the file. Since the new URL now points to a valid filename, and IIS has already determined that this transaction requires no processing, the file is simply delivered as is, exposing the source code

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. Cisco IOS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

A vulnerability in certain versions of the Cisco IOS software running in the Cisco 12000 series Gigabit Switch Routers may allow a remote attacker to bypass security restrictions. The issue allows a vulnerable device to forward unauthorized traffic regardless of security restrictions. The issue occurs due to an error in the processing of the 'established' keyword in an access-list statement. Specifically, this issue presents itself when an affected router carries out the following command: access-list 101 permit tcp any any established It is reported that the vulnerable devices ignore the 'established' keyword and forward all TCP traffic to the relevant interface. Cisco Gigabit Switch Routers running Cisco IOS software release 11.2(14)GS2 to 11.2(15)GS3 are vulnerable to this issue.

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GET request to a CGI script in a loop. The system will panic and display a stack trace with ipc_task_init. Although the vulnerability is not related to web servering it can only be reproduced so far using this means

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. A vulnerability exists in the fwluser script in the AIX eNetwork firewall

Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. apple's macOS Exists in unspecified vulnerabilities.None. Powerbooks come with a 'Password Security' Control Panel. This allows the user to create a password that must be entered prior to the OS mounting the hard drive. This feature can be enabled or disabled by the user. The control panel stores the enabled/disabled state, as well as an encrypted verion of the password, in a file called 'aaaaaaaaAPWD' in the root of the drive. The problem is that this security feature can be bypassed with a boot disk and hard drive utility

Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. A buffer overflow condition has been discovered in the Intel iParty server. The server will need to be restarted to regain normal functionality. This issue may be due to a buffer overrun, potentially resulting in arbitrary code execution. This possibility has not been confirmed. iParty is a small voice conference chat program developed by Intel Experimental Technologies Department. The iParty meeting service daemon does not correctly handle the malformed requests submitted by users. Remote attackers can use this vulnerability to carry out denial-of-service attacks on the meeting service system

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Microsoft IIS of showcode.asp Passed source There is a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the parameter.ASP You may get important information about the source code and system. IIS 4.0 installs a number of sample ASP scripts including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file. The script takes one parameter, "source", which is the file to view. The script's default location URL is: http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

It is reported that Cisco routers running versions 12.0 are affected by a vulnerability which allows packets to bypass input filter rules. When certain versions of Cisco IOS are configured with both input access lists and NAT, an interaction between different software bugs allows packets to bypass the input filter rules. This situation allows for a false sense of security by the administrators of affected devices. This may allow an attacker to circumvent access control restrictions, possibly aiding them in further compromise of protected computers.

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button

Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. ini, (2) ModifyPassword registry entry under NAVMSE

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. Omniswitch is prone to a security bypass vulnerability. Xylan OmniSwitch prior to 3.2.6 is vulnerable

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. Cisco 7Xx Routers is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. A remote attacker could exploit this vulnerability to change the router's configuration

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. There are vulnerabilities in the Cisco 7xx series