Recent Advisories

[2017-06-30] Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government
The OSCI-transport library 1.2, a core component of Germany’s e-government infrastructure, is affected by XXE, padding oracle and signature wrapping. These vulnerabilities could be used to read local files from OSCI-systems, decrypt certain parts of a message or, under specific circumstances, even to forge messages.

[2017-06-22] Multiple vulnerabilities in Cisco Prime Infrastructure
Multiple security vulnerabilities in Cisco Prime Infrastructure < 3.1.6 could allow a local low-privileged user to read arbitrary files such as wireless access point configurations, read the hashed passwords of all users, including the administrator, from the database, and infect other users with a JavaScript trojan.

[2017-06-20] Multiple Reflected Cross Site Scripting (XSS) issues in Ubiquiti Networks products
Multiple Ubiquiti Networks products with firmware XM v6.0, SW v1.3.3 and AF24 v3.2 are affected by a POST-request based cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user and cookies can be stolen.

[2017-06-13] Access Restriction Bypass in Atlassian Confluence
An attacker can manually subscribe to pages of Atlassian Confluence which he is not able to view, and he then receives any further comments made on the restricted page.

[2017-06-07] Various WiMAX CPEs Authentication Bypass
Various WiMAX routers by GreenPacket, Huawei, MADA, MitraStar, ZTE and ZyXEL are affected by an authentication bypass vulnerability that allows an attacker to take over the web interface.

[2017-05-23] Arbitrary File Upload & Stored XSS in InvoicePlane
Multiple high-risk vulnerabilities, such as arbitrary file upload and stored cross-site scripting, within the InvoicePlane software allow an attacker to compromise the affected server.

[2017-05-18] Multiple critical vulnerabilities in Western Digital TV Media Player
Multiple critical vulnerabilities, such as unauthenticated arbitrary file upload or local file inclusion, within the WDTV Media Player devices allow an attacker to take over the device over the network.

[2017-05-11] Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
EnCase Forensic Imager is used by computer forensic experts to gather evidence from storage media. Due to a buffer overflow flaw in this product an attacker can manipulate a storage medium to execute arbitrary malicious code on the investigator’s machine.

[2017-05-10] Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
Due to the lack of URI scheme validation, any external URI scheme can be invoked by the Microsoft OneDrive iOS application without any user interaction.

[2017-05-09] Multiple vulnerabilities in I, Librarian PDF manager
The “I, Librarian” software is vulnerable to OS command injection which allows an attacker to compromise the vulnerable server. Furthermore, other high risk vulnerabilities exist as well.

[2017-04-25] Portrait Display SDK Service privilege escalation
The Portrait Display SDK Service (PdiService.exe) configuration was found to be writable for every authenticated user in a default installation.

[2017-04-07] Server-Side Request Forgery in MyBB forum
The “Change Avatar” function in MyBB allows an attacker to perform server-side request forgery (SSRF) attacks if the cURL functions are disabled. It is possible to send requests to internal networks and perform port scans.

[2017-04-03] Misbehavior of PHP fsockopen function
Unpredictable behavior of the “fsockopen” function in PHP allows an attacker to perform server-side request forgery (SSRF) attacks.

[2017-03-22] Multiple vulnerabilities in Solare Datensysteme SolarLog devices
The configuration, which contains the passwords, can be downloaded unauthenticated. All Solar-Log devices with firmware 2.8.4-56 are affected by this vulnerability. The devices with firmware 3.5.2-85 are prone to a CSRF vulnerability which can result in a password removal/reset. Arbitrary unauthenticated file uploads are possible on devices with firmware 3.5.2-85 as well. Another vulnerability enables an attacker to change the network configuration of a device without any authentication.

[2017-03-16] Authenticated Command Injection in multiple Ubiquiti Networks products
The firmware of various Ubiquiti Networks devices contains a command injection vulnerability which can be exploited by luring an authenticated user to click on a malicious link or surf to a malicious website. Low privileged users can elevate their rights and use the vulnerability for further attacks.

[2017-03-08] Multiple vulnerabilities in Navetti PricePoint
Navetti PricePoint is vulnerable to a broad range of typical application-based vulnerabilities. On the one hand, an attacker is able to execute arbitrary JavaScript code in the context of an arbitrary user. On the other hand, an attacker is able to read out the contents of the application’s database due to missing input validation. Furthermore, an attacker can use cross-site request forgery to perform arbitrary web requests with the identity of the victim without being noticed by the victim.

[2017-03-07] Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud
Multiple critical vulnerabilities, such as unauthenticated OS command injection or arbitrary file upload, within the WD My Cloud devices allow an attacker to gain access on the device.

[2017-03-01] XXE and XSS vulnerabilities in Aruba AirWave
Authenticated XXE and reflected XSS vulnerabilities were found in Aruba AirWave versions prior to 8.2.3.1. The XXE flaw can be exploited by either a low-privileged user or a social engineering attack, which could allow an attacker to read sensitive files on the system.

[2017-02-07] Multiple vulnerabilities in JUNG Smart Visu server
Attackers can dump password hashes and other available data from the operating system of the JUNG Smart Visu Server. An attacker is able to access and control all Smart Visu server installations if he is able to crack the hashes. The group address password can be removed by using a single PUT request.

[2017-01-30] XSS and CSRF vulnerabilities in multiple Ubiquiti Networks products
Many products of Ubiquiti Networks are affected by a cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user. Furthermore, different actions on the system can be triggered by CSRF attacks.

[2017-01-17] Cross site scripting in TYPO3 CMS extension “Recommend page”
The “Recommend page” extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users.

[2016-12-06] Backdoor vulnerability in Sony IPELA ENGINE IP Cameras
Sony IPELA Engine IP Cameras contain multiple backdoors. Those backdoor accounts allow an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to gain a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or spy on people.

[2016-11-28] Denial of service & heap-based buffer overflow in Guidance Software EnCase Forensic
EnCase Forensic Imager and the EnCase Forensic suite are widely used by computer forensic experts to analyze hard disks. Due to flaws in these products an attacker could manipulate a hard disk to keep an investigator from fully analyzing it (denial of service). Potentially, an attacker could execute malicious code on the investigator’s machine.

[2016-11-14] Multiple vulnerabilities in I-Panda SolarEagle – Solar Controller Administration Software / MPPT Solar Controller SMART2
Attackers are able to control the SolarEagle V2.00 / MPPT Solar Controller SMART2 device as authentication is broken. Furthermore, attackers can eavesdrop on the unencrypted communication or cause a denial of service.

[2016-10-11] XXE vulnerability in RSA ECAT Client
By exploiting the XXE vulnerability, an attacker can get read access to the filesystem of the user’s system using RSA ECAT client and thus obtain sensitive information from the system. It is also possible to scan ports of the internal hosts and cause DoS on the affected host.

[2016-09-22] Potential backdoor access through multiple vulnerabilities in Kerio Control Unified Threat Management
Kerio Control contains multiple vulnerabilities which can be used by an attacker to obtain a reverse root shell to the internal firewall system of a network. An attacker can use this reverse root shell to further compromise the victim’s local network, sniff VPN traffic (including VPN credentials) or just backdoor the firewall/VPN gateway.

[2016-09-06] Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products
A browser-trusted certificate including its private key is embedded in the firmware of several Aruba Networks/Alcatel-Lucent products. The certificate is used for providing user access to a captive portal via HTTPS as well as EAP connections for WPA2-Enterprise clients. An attacker can use this vulnerability to impersonate a captive portal or Wi-Fi AP and gain access to sensitive information.

[2016-08-31] Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker
CryptoPro Secure Disk for Bitlocker contains multiple vulnerabilities which can be used by an attacker to manipulate the PBA (pre-boot authentication). This allows attackers to modify the login mask to steal BitLocker and domain credentials as well as the private 802.1x machine certificate.

[2016-08-25] Multiple vulnerabilities in Micro Focus (Novell) GroupWise
Micro Focus (Novell) GroupWise 2014 (up to R2 SP1) contains vulnerabilities that allow an attacker to take over user sessions by sending the victim a crafted email, take over administrator accounts or potentially compromise the system (heap based buffer overflow).

[2016-08-10] Information Disclosure in ARI Soft ARI Quiz
ARI Quiz is a Joomla! quiz component which allows the creation of exams. Unfortunately, each server response marks the correct answer, which makes cheating very easy and results in fraudulent test results.

[2016-08-10] Multiple vulnerabilities in LINE instant messenger platform
The LINE instant messenger platform suffers from multiple vulnerabilities. It is not permitted to publish further information because of the bug bounty policy of the vendor.

[2016-07-25] Multiple vulnerabilities in Micro Focus (Novell) Filr appliance
The Micro Focus (Novell) Filr Appliance contains several vulnerabilities that, when combined, allow an unauthenticated attacker to execute arbitrary system commands as the user “root” or allow an authenticated attacker to hijack user and administrator sessions.

[2016-06-24] ASUS DSL-N55U cross site scripting and information disclosure vulnerability
The router ASUS DSL-N55U is prone to reflected cross site scripting and information disclosure vulnerabilities.

[2016-06-02] Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
The firmware for the cable modem Ubee EVW3226 contains multiple critical vulnerabilities, which can be exploited to gain full system-level access to the device. This allows for inspection, modification and redirection of traffic.

[2016-04-22] Insecure credential storage in my devolo Android app
The Android app of devolo Home Control suffers from insecure credential storage. Attackers may be able to recover sensitive information from stolen/lost devices.

[2016-04-22] Multiple vulnerabilities in Digitalstrom Konfigurator
Multiple design and implementation flaws within the smart home system Digitalstrom enable an attacker to control arbitrary devices connected to the system and execute JavaScript code in the user’s browser.

[2016-02-10] Yeager CMS multiple vulnerabilities
Yeager CMS suffers from multiple critical security issues including multiple SQL injections, arbitrary file upload, server-side request forgery and non-permanent cross-site scripting vulnerabilities. Unauthenticated attackers are able to compromise Yeager CMS in both application and database levels.

[2016-01-21] Deliberately hidden backdoor account in AMX (Harman Professional) devices
Several AMX (by HARMAN Professional) products are shipped with a hidden backdoor account. This account can be used to login to the web based management interface as well as at the command line interface. Using this backdoor account grants additional features on the command line interface, such as capturing packets (sniffing) on the network interface. Parts of the application which display a list of users are designed to deliberately hide the backdoor account.

[2015-12-10] Skybox Platform Multiple Vulnerabilities
The Skybox platform contains multiple security vulnerabilities which can be exploited by an attacker to execute arbitrary code and to read arbitrary files from the file system. Moreover a SQL injection and various Cross-Site scripting vulnerabilities have been identified. Attackers can exploit these issues to completely compromise affected Skybox appliances.

[2015-11-05] Insecure default configuration in Ubiquiti Networks products
Ubiquiti Networks products have remote administration enabled by default (WAN port). Additionally these products use the same certificates and private keys for administration via HTTPS.

[2015-10-22] Lime Survey Multiple Critical Vulnerabilities
Lime Survey contains multiple vulnerabilities which can be used by unauthenticated attackers to execute administrative functions. Moreover, in certain conditions unauthenticated attackers can run arbitrary PHP code and gain access to the filesystem and the Lime Survey database.

[2015-08-05] Websense Content Gateway stack buffer overflow in handle_debug_network
A stack-based buffer overflow was identified in the Websense Content Manager administrative interface, which allows execution of arbitrary code.

[2015-07-28] McAfee Application Control multiple vulnerabilities
McAfee Application Control contains multiple vulnerabilities which can be used by an attacker to bypass the provided application whitelisting protection and attack availability of the system. Moreover, the identified vulnerabilities negatively affect the security of the underlying operating system.

[2015-07-16] Permanent Cross-Site Scripting in Oracle Application Express
The gReport Controls Sort Widget is prone to permanent Cross-Site Scripting.

[2015-06-26] Polycom RealPresence Resource Manager critical vulnerabilities allow surveillance on conferences
Multiple remote vulnerabilities (arbitrary file disclosure, path traversal, arbitrary file upload, privilege escalation in the web application) combined with local vulnerabilities (sudo misconfiguration, weak filesystem permissions) allow an authenticated but unprivileged attacker to gain remote root privileges on Polycom RealPresence Resource Manager systems. Attackers can steal all conference passcodes and join or record any conference.

[2015-05-19] Critical buffer overflow vulnerability in KCodes NetUSB
KCodes NetUSB is vulnerable to a buffer overflow via the network that results in a denial of service or code execution.

[2015-05-14] Multiple vulnerabilities in Loxone Smart Home (part 2)
The Loxone Smart Home vulnerabilities published in February 2015 (SA-20150227-0) have not been fixed entirely and can still be exploited. Furthermore, new security issues have been identified.

[2015-05-13] Multiple critical vulnerabilities in WSO2 Identity Server
An unauthenticated attacker is able to read arbitrary local files from the WSO2 Identity Server by using the SAMLv2 authentication interface. Moreover, targeted attacks against users or administrators of the Identity Server may be conducted using CSRF and XSS vulnerabilities.

[2015-04-10] Unauthenticated Local File Disclosure in multiple TP-LINK products
Attackers can read sensitive configuration files without prior authentication on multiple TP-LINK devices. These files include, for example, the administrator credentials and the WPA passphrase.

[2015-04-09] Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows
XSS and XSRF vulnerabilities within the Confluence plugin Comala Workflows of Comalatech enable an attacker to perform unauthorized actions in the name of another logged-in user and attack other users of the web application with JavaScript code, browser exploits or Trojan horses.

[2015-02-27] Multiple vulnerabilities in Loxone Smart Home
Multiple design and implementation flaws within Loxone Smart Home enable an attacker to control arbitrary devices connected to the system, execute JavaScript code in the user’s browser, steal the user’s credentials and cause a denial of service.

[2015-01-22] Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) / Symantec Critical System Protection (SCSP)
Unauthenticated attackers are able to completely compromise the Symantec SDCS:SA Server as they can gain access at the system and database level. Furthermore, attackers can manage all clients and their policies. In addition, the Symantec SDCS:SA Client protections can be bypassed in several ways.

[2015-01-13] Multiple critical vulnerabilities in all snom desktop IP phones
All snom desktop IP phones are affected by multiple critical security issues in all available firmware versions. Attackers are able to completely compromise the phone with root access rights and install backdoors to the device which will even survive a factory reset. Furthermore, tapping into phone calls or surveilling the room is possible.

[2015-01-13] Privilege Escalation & XSS & Missing Authentication in Ansible Tower
Attackers are able to elevate privileges and gain access to sensitive data of other organizations in Ansible Tower.

[2015-01-13] Cross site request forgery vulnerability in XBMC / Kodi
By exploiting a CSRF vulnerability, an attacker is able to execute arbitrary JSON-RPC commands on the XBMC/Kodi media center. This potentially allows an attacker to gain access to sensitive data. In order to exploit this issue, an attacker has to lure a victim with access to the web interface onto a manipulated web site.

[2014-03-07] Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot

[2014-02-28] Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch Web Manager

[2014-02-28] Authentication bypass (SSRF) and local file disclosure in Plex Media Server

[2014-02-27] Local Buffer Overflow vulnerability in SAS for Windows

[2014-02-18] Critical vulnerabilities in Symantec Endpoint Protection

[2014-01-22] Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)

[2014-01-22] Backdoor account & command injection vulnerabilities in Allnet IP-Cam ALL2281

[2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and, for example, tamper with a centralized user database.

[2014-12-18] Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)
Attackers are able to fully compromise the VDG Sense video management system by gaining highest system level access rights as multiple critical vulnerabilities exist.

[2014-12-18] OS command execution vulnerability in GParted
GParted does not properly sanitize strings before passing them as parameters to an OS command. Under certain conditions an attacker is able to execute system commands as user “root” by tricking a victim into using GParted to e.g. format a USB drive.

[2014-12-18] Multiple high risk vulnerabilities in NetIQ Access Manager
A vulnerability in the NetIQ Access Manager allows an authenticated attacker to read local files. Moreover, several web based issues (CSRF, persistent and non-persistent XSS) allow an attacker to hijack the session of an administrator or user. An information disclosure vulnerability allows an attacker to gather internal information including service passwords.

[2014-11-06] XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
Attackers are able to perform denial-of-service attacks against the Endpoint Protection Manager which directly impacts the effectiveness of the client-side endpoint protection. Furthermore, session identifiers of users can be stolen to impersonate them and gain unauthorized access to the server.

[2014-10-31] XXE and XSS vulnerabilities in Scalix Web Access
Scalix Web Access is vulnerable to XML external entity injection (XXE) and reflected cross site scripting (XSS) attacks. An unauthenticated attacker can get read access to the filesystem of the Scalix Web Access host and thus obtain sensitive information.

[2014-10-29] Multiple critical vulnerabilities in Vizensoft Admin Panel
Attackers are able to completely compromise the web application built upon Vizensoft CMS as they can gain access to the system and database level and manage the website as an admin without prior authentication.

[2014-10-29] Persistent cross site scripting in Confluence RefinedWiki Original Theme
By exploiting this vulnerability, users who are able to create or edit content can attack other users of Confluence. An attacker might be able to gain access to otherwise protected information in Confluence.

[2014-10-15] Potential Cross-Site Scripting in ADF Faces
The Oracle ADF Faces framework fails to encode certain characters in the goButton component. This may lead to Cross-Site Scripting vulnerabilities in applications that use this component.

[2014-08-28] Cross-Site Scripting vulnerabilities in F5 BIG-IP
Attackers can steal other users’ sessions, impersonate other users and gain unauthorized access to the admin interface.

[2014-08-05] Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
The Readsoft Process Director web application suffers from multiple Cross-Site Scripting vulnerabilities which can be used to attack users of the affected application. The identified security flaws in the Readsoft Invoice Processing software can be exploited to retrieve sensitive information.

[2014-07-16] Multiple SSRF vulnerabilities in Alfresco Community Edition
The Alfresco Community Edition Server is prone to multiple Server Side Request Forgery vulnerabilities allowing access to internal resources for an unauthenticated attacker.

[2014-07-16] Remote Code Execution via CSRF in OpenVPN Access Server “Desktop Client”
Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server “Desktop Client” installed.

[2014-07-16] Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
Attackers can exploit XSS and other vulnerabilities that lead to cookie disclosure to execute administrative actions.

[2014-07-16] Multiple critical vulnerabilities in Bitdefender GravityZone
Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access.

[2014-07-10] Multiple critical vulnerabilities in Shopizer webshop
The webshop software Shopizer is affected by multiple critical vulnerabilities. Attackers are able to completely compromise the system through arbitrary code execution or manipulate product prices or customer data.

[2014-07-10] Multiple high risk vulnerabilities in Shopizer webshop
The webshop software Shopizer is affected by multiple high risk vulnerabilities. Attackers are able to bypass authentication / authorization and access invoice data of other customers.

[2014-07-10] Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system
Unauthenticated attackers are able to reconfigure the Schrack MICROCONTROL emergency light system by accessing the file system via telnet or FTP. Furthermore a weak default password can be exploited.

[2014-07-10] Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu
The vulnerability in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu enables an attacker to extract all the configured passwords without authentication. The attacker can use the extracted passwords to access the WebVisu and control the system.

[2014-07-01] Stored cross site scripting in EMC Documentum eRoom
Due to improper input validation, EMC Documentum eRoom suffers from multiple stored cross-site scripting vulnerabilities, which allow an attacker to steal other users’ sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.

[2014-06-30] Multiple vulnerabilities in IBM Algorithmics RICOS
Abusing multiple vulnerabilities within IBM Algorithmics RICOS, an attacker can take over foreign user accounts and bypass authorization mechanisms.

[2014-06-06] Multiple critical vulnerabilities in WebTitan
Multiple critical security vulnerabilities have been identified in the WebTitan web filtering solution. By exploiting these vulnerabilities, potential attackers could take control of the entire appliance.

[2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress
Attackers are able to completely compromise the voice recording / surveillance solution “NICE Recording eXpress” as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account.

[2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4
The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts.

[2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration
Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints.

[2014-04-30] SQL injection and XSS vulnerabilities in Typo3 si_bibtex extension
By exploiting the SQL injection vulnerability in the Typo3 extension “si_bibtex”, an attacker is able to gain full access to the Typo3 database. Depending on the location where the extension is used in the web application, this may be possible by an unauthenticated attacker. Furthermore, it is affected by persistent XSS.

[2014-04-23] Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
An unauthenticated remote attacker can exploit the identified Path Traversal vulnerability in order to retrieve arbitrary files from the affected WD Arkeia Network Backup appliances and execute system commands.

[2014-04-11] Multiple vulnerabilities in Plex Media Server
Plex Media Server contains several vulnerabilities that allow an attacker to intercept traffic between Plex Media Server and clients in plaintext. Furthermore Cross Site Request Forgery (CSRF) vulnerabilities allow an attacker to execute privileged commands in the context of Plex Media Server.

[2014-04-02] Multiple vulnerabilities in Rhythm File Manager
An attacker who is able to connect to the Android device (e.g. if he uses the same wireless network) can access arbitrary local files from the device while the File Manager app is being used to stream media. Moreover, a malicious Android app or an attacker who is able to connect to the Android device may issue system commands as the user “root” if “root browsing” is enabled.

[2014-03-28] Multiple vulnerabilities in Symantec LiveUpdate Administrator
Attackers are able to compromise Symantec LiveUpdate Administrator at the application and database levels because of vulnerable password reset functionality and SQL injection vulnerabilities. This enables access to credentials of update servers on the network without prior authentication.

[2014-03-07] Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
Unauthenticated attackers are able to gain access to sensitive configuration (e.g. WLAN passwords in clear text or IMEI information of the SIM card) and even manipulate all settings in the web administration interface! This can even be exploited remotely via the Internet depending on the mobile operator setup or via CSRF attacks.

[2014-02-28] Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch Web Manager
Attackers are able to elevate privileges during login from read-only user rights to full read/write or debug access rights by simply changing result values of the affected CGI script. This allows attackers to reconfigure the device.

[2014-02-28] Authentication bypass (SSRF) and local file disclosure in Plex Media Server
The Plex Media Server proxy functionality fails to properly validate pre-authentication user requests. This allows unauthenticated attackers to make the Plex Media Server execute arbitrary HTTP requests and hence bypass all authentication and execute commands with administrative privileges. Furthermore, because of insufficient input validation, arbitrary local files can be disclosed without prior authentication including passwords and other sensitive information.

[2014-02-27] Local Buffer Overflow vulnerability in SAS for Windows
Attackers are able to completely compromise SAS clients when a malicious SAS program gets executed as the software “SAS for Windows” is affected by a local buffer overflow vulnerability.

[2014-02-18] Critical vulnerabilities in Symantec Endpoint Protection
Attackers are able to completely compromise the Symantec Endpoint Protection Manager server as they can gain access at the system and database level because of critical XXE and SQL injection vulnerabilities. Furthermore attackers can manage all endpoints and possibly deploy attacker-controlled code on clients.

[2014-01-22] Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
Attackers are able to completely compromise the T-Mobile Austria HOME NET router (based on Huawei B593u-12) without prior authentication. Depending on the configuration of the router it is also possible to exploit the flaws directly from the Internet.

[2014-01-22] Backdoor account & command injection vulnerabilities in Allnet IP-Cam ALL2281
The IP camera Allnet ALL2281 is affected by critical vulnerabilities that allow an attacker to gain access to the web interface via a backdoor account. Furthermore, executing arbitrary OS commands is possible.

[2013-12-27] XPath Injection in IBM Web Content Manager

[2013-11-13] Cross-site scripting vulnerabilities in EMC Documentum eRoom

[2013-10-15] Multiple critical vulnerabilities in SpamTitan

[2013-10-04] SQL injection vulnerability in Zabbix

[2013-10-03] Denial of service vulnerability in Citrix NetScaler

[2013-09-04] Multiple vulnerabilities in GroupLink everything HelpDesk

[2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness

[2013-07-26] Multiple vulnerabilities – Surveillance via Symantec Web Gateway

[2013-07-19] Multiple vulnerabilities in Sybase EAServer

[2013-07-09] Denial of service vulnerability in Apache CXF

[2013-06-25] Multiple vulnerabilities in IceWarp Mail Server

[2013-06-14] Critical vulnerabilities in Siemens OpenScape Branch & SBC

[2013-06-05] Critical vulnerabilities in CTERA portal

[2013-05-23] JavaScript Execution in IBM WebSphere DataPower Services

[2013-05-07] Multiple vulnerabilities in NetApp OnCommand System Manager

[2013-04-17] Multiple vulnerabilities in Sosci Survey

[2013-04-17] Oracle Java ActiveX Control Memory Corruption

[2013-04-17] HTTP header injection/Cache poisoning in Oracle WebCenter

[2013-04-08] Insecure library loading in Nitro Pro 8

[2013-04-04] Multiple vulnerabilities in Censornet Professional v4

[2013-04-03] Multiple vulnerabilities in Sophos Web Protection Appliance

[2013-03-13] Integer overflow in QlikView Desktop Client

[2013-03-11] Persistent cross site scripting in jforum

[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise

[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise Part 2

[2013-01-24] Barracuda Networks SSL VPN Authentication Bypass

[2013-01-24] Critical backdoor in multiple Barracuda Networks Appliances

[2013-01-22] F5 BIG-IP SQL injection vulnerability

[2013-01-22] F5 BIG-IP XML external entity injection vulnerability

 


 

[2013-12-27] XPath Injection in IBM Web Content Manager
By exploiting the identified XPath Injection vulnerability, an unauthenticated user is able to extract sensitive application configuration data from vulnerable installations of IBM Web Content Manager.

[2013-11-13] Cross-site scripting vulnerabilities in EMC Documentum eRoom
Due to improper input validation, Documentum eRoom suffers from multiple cross-site scripting vulnerabilities, which allow an attacker to steal other users’ sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.

[2013-10-15] Multiple critical vulnerabilities in SpamTitan
SpamTitan suffers from multiple critical vulnerabilities. Unauthenticated attackers are able to completely compromise the system and extract or manipulate database contents.

[2013-10-04] SQL injection vulnerability in Zabbix
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.

[2013-10-03] Denial of service vulnerability in Citrix NetScaler
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.

[2013-09-04] Multiple vulnerabilities in GroupLink everything HelpDesk
By exploiting the undocumented password reset functionality, an unauthenticated attacker can gain administrative access to the affected Helpdesk system. The Cross-Site Scripting vulnerability can be used to attack users of the affected application.

[2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness
The algorithm that generates the default WPS PIN is entirely based on the MAC address (= BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within range of the access point can capture the BSSID (e.g. from 802.11 Beacon Frames) and calculate the default WPS PIN for it.

[2013-07-26] Multiple vulnerabilities – Surveillance via Symantec Web Gateway
The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily.

[2013-07-19] Multiple vulnerabilities in Sybase EAServer
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.

[2013-07-09] Denial of service vulnerability in Apache CXF
Apache CXF is vulnerable to denial of service attacks within the XML parser.

[2013-06-25] Multiple vulnerabilities in IceWarp Mail Server
IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files.

[2013-06-14] Critical vulnerabilities in Siemens OpenScape Branch & SBC
Siemens OpenScape Branch & SBC are vulnerable to critical vulnerabilities such as unauthenticated execution of OS commands or file disclosure. Attackers are able to take over the operating system and potentially intercept VoIP traffic or phone calls.

[2013-06-05] Critical vulnerabilities in CTERA portal
CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server.

[2013-05-23] JavaScript Execution in IBM WebSphere DataPower Services
IBM WebSphere DataPower Appliance XI50 is vulnerable to cross site scripting if the appliance is configured to blindly echo back requests to the sender.

[2013-05-07] Multiple vulnerabilities in NetApp OnCommand System Manager
NetApp OnCommand System Manager suffers from multiple security issues such as cross site scripting. Authenticated attackers can also read arbitrary files or execute operating system commands.

[2013-04-17] Multiple vulnerabilities in Sosci Survey
Sosci Survey is vulnerable to Cross-Site Scripting, authorization bypass and remote command execution vulnerabilities which can be exploited by remote attackers.

[2013-04-17] Oracle Java ActiveX Control Memory Corruption
A memory corruption vulnerability in Oracle Java(TM) Web Start Launcher could potentially result in arbitrary code execution or cause a crash.

[2013-04-17] HTTP header injection/Cache poisoning in Oracle WebCenter
Due to unsanitized user input it is possible to inject arbitrary HTTP header values in certain HTTP responses of the Satellite Server. Moreover, the Satellite Server caches these HTTP responses with the injected HTTP header.

[2013-04-08] Insecure library loading in Nitro Pro 8
Nitro Pro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a remote WebDAV or SMB share which contains a specially crafted DLL.

[2013-04-04] Multiple vulnerabilities in Censornet Professional v4
Censornet Professional v4 suffers from multiple Cross-Site Scripting and SQL Injection vulnerabilities which can be exploited by an authenticated attacker.

[2013-04-03] Multiple vulnerabilities in Sophos Web Protection Appliance
Several vulnerabilities in Sophos Web Protection Appliance including a local file disclosure and an OS command injection vulnerability allow unauthenticated users to fully compromise the system.

[2013-03-13] Integer overflow in QlikView Desktop Client
An integer overflow vulnerability exists in the .qvw file format parser. Successful exploitation of this vulnerability could result in arbitrary code execution within the QlikView Desktop client.

[2013-03-11] Persistent cross site scripting in jforum
An authenticated user is able to perform cross-site scripting attacks, e.g. create relogin trojan horses or steal session cookies, in the context of the affected website that uses a vulnerable version of jforum.

[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise
GroundWork Monitor Enterprise suffers from multiple critical vulnerabilities. The most severe problems are that an unauthenticated attacker is able to elevate his privileges (gain admin access), execute arbitrary operating system commands, take over the whole monitoring system and gain access to sensitive configuration files with clear text passwords of the monitored systems. An attacker is therefore easily able to spread the attack within the internal network. Keep in mind that the optional technical bulletin of GroundWork only makes changes to the configuration and does not solve the underlying issues within the source code!

[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise Part 2
GroundWork Monitor Enterprise suffers from multiple critical vulnerabilities. The most severe problems are that an unauthenticated attacker is able to elevate his privileges (gain admin access), execute arbitrary operating system commands, take over the whole monitoring system and gain access to sensitive configuration files with clear text passwords of the monitored systems. An attacker is therefore easily able to spread the attack within the internal network. Keep in mind that the optional technical bulletin of GroundWork only makes changes to the configuration and does not solve the underlying issues within the source code!

[2013-01-24] Barracuda Networks SSL VPN Authentication Bypass
By setting Java System Properties, an unauthenticated attacker can disable various security mechanisms and thus gain access to an internal API. Among other functions, an attacker can set passwords for admin accounts.

[2013-01-24] Critical backdoor in multiple Barracuda Networks Appliances
The firewall rules on the appliance enable remote attackers from a certain set of IP ranges to access the appliance via SSH using weak default user account passwords.

[2013-01-22] F5 BIG-IP SQL injection vulnerability
Due to insufficient input validation in F5 BIG-IP, an authenticated attacker can inject arbitrary SQL commands, thus gaining full database and partial file system access.

[2013-01-22] F5 BIG-IP XML external entity injection vulnerability
Due to insufficient input validation in F5 BIG-IP, an authenticated attacker can disclose arbitrary local files with the privileges of the webserver (including the /etc/shadow file) and cause denial of service.

[2012-12-03] F5 FirePass SSL VPN Unauthenticated local file inclusion

[2012-11-15] Applicure dotDefender WAF format string vulnerability

[2012-10-17] ModSecurity multipart/invalid part ruleset bypass

[2012-10-17] SQL Injection vulnerability in Unirgy uStoreLocator

[2012-10-17] Multiple vulnerabilities in Oracle WebCenter Sites

[2012-08-29] Critical vulnerability in Symantec Messaging Gateway

[2012-07-12] Critical vulnerability in Magento eCommerce platform

[2012-06-26] Critical vulnerability in Zend Framework

[2012-06-18] Western Digital ShareSpace Web GUI Sensitive Data Disclosure

[2012-06-18] Critical vulnerability in Airlock web application firewall

[2012-05-18] OpenOffice.org memory overwrite vulnerability

[2012-03-28] Critical vulnerability in Microsoft ASP.NET Forms

[2012-03-28] Critical SQL Injection in F5 FirePass SSL VPN allows unauthenticated remote root

[2012-03-15] Multiple permanent cross-site scripting vulnerabilities in EMC Documentum eRoom

[2012-02-20] Vulnerabilities in ELBA Electronic Banking application

[2012-02-20] Multiple critical vulnerabilities in Voxtronic Voxlog Professional

[2012-01-04] Multiple critical vulnerabilities in Apache Struts2

 


 

[2012-12-20] Multiple vulnerabilities in ELBA Electronic Banking application
The stand-alone and network versions of ELBA5 v5.5 are prone to a SQL injection vulnerability, use default hardcoded passwords and store user passwords as plaintext in a database. Furthermore, a stack-based buffer overflow, which is highly severe in multi-user environments, exists in a third-party component that is used.

[2012-12-03] F5 FirePass SSL VPN Unauthenticated local file inclusion
Due to insufficient input validation in F5 FirePass SSL VPN, an unauthenticated attacker can disclose arbitrary local files with the privileges of the webserver, cause denial of service and execute arbitrary commands.

[2012-11-15] Applicure dotDefender WAF format string vulnerability
The web application firewall dotDefender by Applicure is vulnerable to a format string injection attack. Under certain circumstances, an attacker could exploit this vulnerability to execute arbitrary code on the web server running dotDefender.

[2012-10-17] ModSecurity multipart/invalid part ruleset bypass
ModSecurity can be bypassed on Apache/PHP installations by sending specially formed multipart requests. An attacker exploiting this flaw can send arbitrary POST parameters to a web application even though ModSecurity is active.

[2012-10-17] SQL Injection vulnerability in Unirgy uStoreLocator
Due to a programming error, the uStoreLocator module for the Magento eCommerce platform allows the injection of direct SQL commands, which are executed on the backend database server through the web application.

[2012-10-17] Multiple vulnerabilities in Oracle WebCenter Sites
Multiple vulnerabilities in Oracle WebCenter Sites (formerly FatWire Content Server) allow an attacker to elevate her privileges and access arbitrary data of the backend database system.

[2012-08-29] Critical vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway provides SSH access via a hidden “support”-user.

[2012-07-12] Critical vulnerability in Magento eCommerce platform
Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. By exploiting this vulnerability a web application may be coerced to open arbitrary files and/or TCP connections.

[2012-06-26] Critical vulnerability in Zend Framework
Zend Framework suffers from a critical security issue (XML eXternal entity injection). By exploiting this vulnerability a web application may be coerced to open arbitrary files and/or TCP connections. As the Zend framework is being used widely, other web applications may be vulnerable too!

[2012-06-18] Western Digital ShareSpace Web GUI Sensitive Data Disclosure
WD ShareSpace Web GUI is prone to an unauthenticated sensitive data disclosure (such as network settings, SMB users & hashed passwords, admin credentials, etc.) due to an improper configuration of access rights of the configuration file.

[2012-06-18] Critical vulnerability in Airlock web application firewall
The Airlock WAF protection can be completely bypassed by submitting requests that contain specific overlong UTF-8 sequences.

[2012-05-18] OpenOffice.org memory overwrite vulnerability
OpenOffice.org 3.3 and 3.4 Beta versions include the customized libwpd version 0.8.8 library that has a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in arbitrary code execution.

[2012-03-28] Critical vulnerability in Microsoft ASP.NET Forms
ASP.NET Forms suffers from a critical authentication bypass / elevation of privileges vulnerability. An attacker is able to take over other user accounts. This is a detailed follow-up advisory to the advisory from 2011-12-30 including a proof-of-concept video.

[2012-03-28] Critical SQL Injection in F5 FirePass SSL VPN allows unauthenticated remote root
Due to insufficient input validation within the software, an unauthenticated attacker can escalate a critical SQL injection vulnerability to execute arbitrary commands in the context of the administrative super user (“root”).

[2012-03-15] Multiple permanent cross-site scripting vulnerabilities in EMC Documentum eRoom
Due to improper input validation, Documentum eRoom suffers from multiple permanent cross-site scripting vulnerabilities, which allow an attacker to steal other users’ sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.

[2012-02-20] Vulnerabilities in ELBA Electronic Banking application
An attacker is able to extract the whole database through SQL injection and take over other user accounts. Furthermore, ELBA v5.4.1 is prone to an information disclosure and denial-of-service vulnerability.

[2012-02-20] Multiple critical vulnerabilities in Voxtronic Voxlog Professional
An attacker is able to completely compromise the operating system with highest system rights because of critical vulnerabilities with the Voxlog voice recording solution.

[2012-01-04] Multiple critical vulnerabilities in Apache Struts2
Apache Struts2 fails to sanitize user supplied OGNL expressions sufficiently. An attacker can overwrite arbitrary files or execute arbitrary code on the target server.

[2011-12-19] Multiple vulnerabilities in WhatsApp

[2011-12-19] Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet

[2011-10-12] Critical security issue in Microsoft Forefront UAG

[2011-08-10] Critical security issue in Check Point SSL VPN On-Demand applications

[2011-07-04] Libmodplug ReadS3M Stack Overflow

[2011-07-01] Multiple SQL injection vulnerabilities in WordPress blog publishing application

[2011-06-06] Multiple cross-site scripting issues in Plone Content Management System

 


 

[2011-12-30] Critical vulnerability in Microsoft ASP.NET Forms
ASP.NET Forms suffers from a critical authentication bypass / elevation of privileges vulnerability. An attacker is able to take over other user accounts. A more detailed advisory will be published at a later date.

[2011-12-19] Multiple vulnerabilities in WhatsApp
WhatsApp Messenger has security issues regarding the registration process, update of user profiles and confidentiality of the communication.

[2011-12-19] Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet
An attacker is able to upload arbitrary files to an arbitrary path on the victim’s computer through a vulnerability in SecCommerce SecSigner Java Applet.

[2011-10-12] Critical security issue in Microsoft Forefront UAG
The client-side endpoint security solution Microsoft Forefront UAG (e.g. supplied by Microsoft Outlook Web App) has a critical vulnerability that allows an attacker to remotely execute arbitrary code on the client.

[2011-08-10] Critical security issue in Check Point SSL VPN On-Demand applications
SSL Network Extender (SNX) is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application.

[2011-07-04] Libmodplug ReadS3M Stack Overflow
The Libmodplug library is prone to a stack based buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files e.g. through VLC, gstreamer or other media players that use Libmodplug.

[2011-07-01] Multiple SQL injection vulnerabilities in WordPress blog publishing application
Multiple SQL injection vulnerabilities in WordPress allow a malicious Editor-level user to gain further access to the site.

[2011-06-06] Multiple cross-site scripting issues in Plone Content Management System
Multiple XSS vulnerabilities in Plone CMS allow for session theft and relogin trojan attacks.

2010

[2010-10-21] Multiple critical vulnerabilities in Sawmill Enterprise log file analysis software

[2010-02-08] Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface

[2010-01-15] Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS (formerly MyDMS)

2009

[2009-12-17] Authentication bypass and file manipulation in Sitecore Staging Module

[2009-09-17] Multiple Vulnerabilities in RADactive I-Load

[2009-09-01] File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console

[2009-07-20] Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities

[2009-06-05] Apache Tomcat User Enumeration Vulnerability

[2009-05-25] Nortel Contact Center Manager Server Authentication Bypass

[2009-05-25] Nortel Contact Center Manager Server Password Disclosure

[2009-05-25] SonicWALL Global Security Client Local Privilege Escalation Vulnerability

[2009-05-25] SonicWALL Global VPN Client Local Privilege Escalation Vulnerability

[2009-05-25] SonicOS Format String Vulnerability

[2009-04-29] Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000

[2009-04-15] Novell Teaming Multiple Vulnerabilities

[2009-04-15] Nortel Application Gateway 2000 Password Disclosure Vulnerability

[2009-03-10] NextApp Echo XML Injection Vulnerability

[2009-03-10] IBM Director CIM Server Remote Denial of Service Vulnerability

[2009-03-10] Director CIM Server Local Privilege Escalation Vulnerability

2008

[2008-12-19] Fujitsu-Siemens WebTransactions remote command injection vulnerability

[2008-12-09] Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability

[2008-10-16] Remote command execution in Instant Expert Analysis signed Java applet and ActiveX Control

2007

[2007-12-04] SonicWALL Global VPN Client Format String Vulnerability

[2007-11-01] Multiple Vulnerabilities in SonicWALL SSL-VPN Client

[2007-10-31] Perdition IMAP Proxy Format String Vulnerability

[2007-10-12] Madwifi xrates element remote DOS

[2007-07-22] Remote command execution in Joomla! CMS

[2007-06-01] PHP chunk_split() integer overflow

[2007-05-09] Multiple vulnerabilities in Nokia Intellisync Mobile Suite

[2007-03-14] Apache HTTP Server / Tomcat directory traversal

[2007-03-09] MySQL 5 Single Row Subselect Denial of Service

[2007-02-07] File Disclosure in Pagesetter for PostNuke

2006

[2006-12-20] TYPO3 Remote Command Execution Vulnerability

[2006-06-28] Outlook Web Access Cross Site Scripting Vulnerability – Vulnerability Details

[2006-06-13] Outlook Web Access Cross Site Scripting Vulnerability

[2006-05-12] Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure

[2006-04-13] Opera Browser CSS Attribute Integer Wrap / Buffer Overflow

2005

[2005-12-23] File Disclosure in Oracle AS Discussion Forum Portlet

[2005-12-23] Oracle AS Discussion Forum Portlet XSS

[2005-12-12] Nortel SSL VPN Cross Site Scripting/Command Execution

[2005-12-11] Horde Cross Site Scripting

[2005-12-02] Webmail Security and Browser related XSS Bugs

[2005-12-02] Cross Site Scripting in GMX Webmail

[2005-11-25] Multiple Vulnerabilities in vTiger CRM

[2005-11-07] Macromedia Flash Player ActionDefineFunction Memory Corruption

[2005-11-07] toendaCMS multiple vulnerabilities

[2005-10-25] RSA ACE Web Agent XSS

[2005-10-25] Snoopy Remote Code Execution

[2005-10-21] Yahoo / IE6 XSS

[2005-06-29] IE6 javaprxy.dll COM instantiation heap corruption

[2005-06-17] Source Code Disclosure in Yaws Webserver

[2005-06-02] Arbitrary File Inclusion in phpCMS 1.2.x

[2005-06-02] Exhibit Blind SQL Injection

[2005-05-22] Yahoo Webmail Cookie Theft

2004

[2004-12-16] PHP Input Validation Vulnerabilities

[2004-12-13] Multiple Vulnerabilities in SugarSales

[2004-11-29] Password Disclosure for SMB Shares in KDE’s Konqueror

[2004-09-23] Motorola Wireless Router WR850G Authentication Circumvention

[2004-06-06] PHP escapeshellarg Windows Vulnerability

[2004-03-30] Multiple Vulnerabilities in LinBox

2003

[2003-09-01] Internet Transaction Server Multiple Vulnerabilities

[2003-07-24] paFileDB 3.1 OS-Cmd execution

[2003-07-14] W-Angora Multiple Vulnerabilities

[2003-07-11] Invision Powerboard V.1.1.2 Multiple Vulnerabilities

[2003-02-28] Axis Webcam DOS

[2003-02-28] Typo3 3.5b5 Security Check Results

 


 

[2010-10-21] Multiple critical vulnerabilities in Sawmill Enterprise log file analysis software
Sawmill suffers from multiple vulnerabilities that allow an attacker e.g. to execute arbitrary commands, read/write files on the file system or create admin user accounts without authentication.

[2010-02-08] Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
Xerox WorkCentre 5665/5675/5687 has a backdoor that allows access to any folder. The software also has flawed user validation. In some cases it is possible to access multiple pages that would require authentication.

[2010-01-15] Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS (formerly MyDMS)
LetoDMS (formerly MyDMS) is prone to local file inclusion/execution and multiple cross-site-request-forgery vulnerabilities. The file inclusion vulnerability can be used to read files from the web server and to execute malicious PHP-code.

[2009-12-17] Authentication bypass and file manipulation in Sitecore Staging Module
The Sitecore Staging Webservice is vulnerable to authentication bypass and therefore files can be uploaded in arbitrary directories on the server.

[2009-09-17] Multiple Vulnerabilities in RADactive I-Load
RADactive I-Load 2008.2.4.0 is prone to multiple vulnerabilities such as file disclosure, which allows an attacker to read arbitrary files (with the permission of the webserver) and an arbitrary file upload vulnerability.

[2009-09-01] File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
JSFTemplating, Mojarra Scales and the admin console of GlassFish Application Server v3 are vulnerable to a file disclosure vulnerability which allows an attacker to read arbitrary files (with the permission of the webserver) and retrieve directory listings of the whole server.

[2009-07-20] Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities
Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia’s Symbian/S60 based smartphones. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file.

[2009-06-05] Apache Tomcat User Enumeration Vulnerability
Due to insufficient error checking in some authentication classes, Apache Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. The attack is possible if form based authentication (j_security_check) is used.

[2009-05-25] Nortel Contact Center Manager Server Authentication Bypass
The Nortel Contact Center Manager Server web application relies on client side cookies to check the roles of authenticated users. Authentication can be bypassed by manually setting the required cookies. By exploiting this vulnerability, an attacker can bypass authentication and access the Nortel Contact Center Manager Server.

[2009-05-25] Nortel Contact Center Manager Server Password Disclosure
The Nortel Contact Center Manager Server web application provides a SOAP interface. This interface does not need authorisation and responds to certain requests with sensitive information.

[2009-05-25] SonicWALL Global Security Client Local Privilege Escalation Vulnerability
Local exploitation of a design error in SonicWALL's Global Security Client could allow attackers to obtain increased privileges.

[2009-05-25] SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability exists in SonicWALL Global VPN client. By exploiting this vulnerability, a local attacker could execute code with LocalSystem privileges.

[2009-05-25] SonicOS Format String Vulnerability
A format string vulnerability exists in the logfile parsing function of SonicOS. An attacker could crash the system or execute arbitrary code by injecting format string metacharacters into the logfile, if an administrator subsequently uses the SonicOS GUI to view the log.

[2009-04-29] Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
The wireless LAN gateway AMG-2000 from LevelOne uses a misconfigured Squid proxy which allows an attacker to access the admin interface and the internal network. Furthermore the administration interface shows the passwords of all users and other sensitive settings in plain text.

[2009-04-15] Novell Teaming Multiple Vulnerabilities
Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. An attacker could leverage these vulnerabilities to collect information about the system and its users and conduct effective (XSS supported) hybrid phishing attacks.

[2009-04-15] Nortel Application Gateway 2000 Password Disclosure Vulnerability
The Nortel Application Gateway provides a web based administration interface. This interface responds with sensitive information to unauthorized users.

[2009-03-10] NextApp Echo XML Injection Vulnerability
Unverified XML data is passed from the client (web browser) to the NextApp Echo Engine and consequently to an underlying XML parser. This leads to a typical XML injection scenario.

[2009-03-10] IBM Director CIM Server Remote Denial of Service Vulnerability
The CIM server contained in the IBM Director suite for Microsoft Windows is vulnerable to a remote denial of service attack. The vulnerability allows an attacker to crash the service remotely. It will not be possible to reach the IBM Director agent until the service is manually restarted.

[2009-03-10] Director CIM Server Local Privilege Escalation Vulnerability
The CIM server which comes with IBM Director suite for Microsoft Windows contains a local privilege escalation vulnerability because the application fails to properly validate incoming indication requests. By exploiting this vulnerability an attacker can run arbitrary code with the privileges of the CIM server process (LOCAL SYSTEM in the Windows version).

[2008-12-19] Fujitsu-Siemens WebTransactions remote command injection vulnerability
Fujitsu-Siemens WebTransactions is vulnerable to remote command injection. This vulnerability allows an attacker to execute arbitrary commands on the affected system.

[2008-12-09] Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability
A vulnerability has been identified in Microsoft SQL Server. By calling the sp_replwritetovarbin extended stored procedure, an attacker can write to arbitrary memory locations and could subsequently execute code in the context of the SQL server process. By default, the affected stored procedure is accessible to all users. This vulnerability can be exploited by malicious users connecting to the SQL Server instance or via SQL injection flaws.

[2008-10-16] Remote command execution in Instant Expert Analysis signed Java applet and ActiveX Control
The Instant Expert Analysis ActiveX control, used by millions of users on sites run by NVIDIA, Activision, Electronic Arts UK, Eidos, CNET, IGN, and AMD, can be misused to run arbitrary code on the client’s systems.

[2007-12-04] SonicWALL Global VPN Client Format String Vulnerability
A format string vulnerability exists in SonicWALL Global VPN Client. The vulnerability can be triggered by importing a specially crafted configuration file.

[2007-11-01] Multiple Vulnerabilities in SonicWALL SSL-VPN Client
Multiple critical vulnerabilities have been found in the ActiveX components of SonicWALL SSL-VPN client. These vulnerabilities allow deletion of arbitrary files as well as arbitrary code execution on the client.

[2007-10-31] Perdition IMAP Proxy Format String Vulnerability
Perdition IMAP proxy is susceptible to a format string vulnerability. By exploiting this flaw, an attacker could execute arbitrary code on the affected system.

[2007-10-12] Madwifi xrates element remote DOS
Madwifi, the popular Atheros wireless device driver for Linux, is vulnerable to a denial of service attack. An attacker could crash client machines that are listening for beacon frames using a fake access point.

[2007-07-22] Remote command execution in Joomla! CMS
The search component of Joomla! v1.5 beta2 allows an attacker to execute arbitrary PHP commands. For example, it is possible to execute OS commands via system() calls. An attacker does not need to be authenticated to perform this attack!

[2007-06-01] PHP chunk_split() integer overflow
Due to missing input validation in the chunk_split function, the wrong size for a buffer is calculated. This can result in the allocation of a buffer that is too small, which leads to a buffer overflow.

[2007-05-09] Multiple vulnerabilities in Nokia Intellisync Mobile Suite
Nokia Intellisync Mobile Suite v6 suffers from multiple vulnerabilities, such as information/source code disclosure, cross site scripting and denial of service.

[2007-03-14] Apache HTTP Server / Tomcat directory traversal
If the Apache HTTP Server and Tomcat are configured to interoperate with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path up to the webroot in Tomcat.

[2007-03-09] MySQL 5 Single Row Subselect Denial of Service
MySQL 5 can be crashed by issuing specially crafted SQL queries.

[2007-02-07] File Disclosure in Pagesetter for PostNuke
The 3rd party module Pagesetter for PostNuke, up to its latest version (6.3.0 beta 5), allows arbitrary files to be read. An attacker does not need to be logged in but has to know the filename.

[2006-12-20] TYPO3 Remote Command Execution Vulnerability
The open source CMS TYPO3 is vulnerable to a remote command execution vulnerability. It can be exploited without logging into the backend and allows complete compromise of the web server where TYPO3 is installed.

[2006-06-28] Outlook Web Access Cross Site Scripting Vulnerability – Vulnerability Details
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people’s emails.

[2006-06-13] Outlook Web Access Cross Site Scripting Vulnerability
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people’s emails.

[2006-05-12] Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure
Enterprise FW leaks internal IPs of NATed machines in response to certain HTTP requests.

[2006-04-13] Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
A buffer overflow can be triggered in Opera Browser due to a signedness error in the processing of CSS tags.

[2005-12-23] File Disclosure in Oracle AS Discussion Forum Portlet
OracleAS Discussion forum is prone to a file disclosure vulnerability. By leveraging this flaw, the attacker can read arbitrary files on the webserver.

[2005-12-23] Oracle AS Discussion Forum Portlet XSS
Multiple XSS Vulnerabilities in Oracle AS Discussion Forum allow for Session Theft and Relogin Trojan Attacks.

[2005-12-12] Nortel SSL VPN Cross Site Scripting/Command Execution
Nortel's SSL VPN Web Client is vulnerable to cross site scripting/command execution. By supplying a malicious link, an attacker can execute commands on the system of the VPN client.

[2005-12-11] Horde Cross Site Scripting
Multiple Applications from the Horde Framework are vulnerable to cross site scripting attacks, thus allowing hijacking of session information.

[2005-12-02] Webmail Security and Browser related XSS Bugs
In this security information, we address several fixed and unfixed Cross Site Scripting flaws of large scale webmail providers.

[2005-12-02] Cross Site Scripting in GMX Webmail
GMX Webmail is prone to Cross Site Scripting Attacks. Attackers could exploit this flaw to steal session credentials of valid users.

[2005-11-25] Multiple Vulnerabilities in vTiger CRM
vTiger CRM is vulnerable to multiple security flaws that allow an attacker to gain administrative privileges on the CRM and execute arbitrary commands on the system.

[2005-11-07] Macromedia Flash Player ActionDefineFunction Memory Corruption
Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash flash player or may be exploited as a vector for code execution.

[2005-11-07] toendaCMS multiple vulnerabilities
ToendaCMS contains various security flaws. These include theft of CMS usernames and passwords, session theft, directory traversal / reading of arbitrary files and arbitrary file uploads.

[2005-10-25] RSA ACE Web Agent XSS
Due to inadequate input validation, RSA Authentication Agent is vulnerable to a Cross Site Scripting attack.

[2005-10-25] Snoopy Remote Code Execution
Whenever an SSL protected webpage is requested with one of the many Snoopy API calls, it calls the function _httpsrequest which takes the URL as argument. Using a specially crafted URL, an attacker can supply arbitrary commands that are executed on the web server with privileges of the web user.

[2005-10-21] Yahoo / IE6 XSS
Since April 2005, SEC Consult has been reporting numerous Cross Site Scripting vulnerabilities in Yahoo Webmail. These vulnerabilities allow an attacker to steal session cookies and to perform other attacks like classic XSS, relogin-Trojan and Phishing.

[2005-06-29] IE6 javaprxy.dll COM instantiation heap corruption
Internet Explorer loads COM objects into its process memory even if they are not ActiveX Controls. These COM objects could be embedded with <object> tags. In most cases this results in a crash of the browser itself. In case of the “javaprxy.dll” this issue could lead to malicious code execution.

[2005-06-17] Source Code Disclosure in Yaws Webserver
If a null byte is appended to the filename of a yaws script, the yaws webserver returns a page containing the source code of the corresponding script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords.

[2005-06-02] Arbitrary File Inclusion in phpCMS 1.2.x
Due to insufficient input validation, arbitrary files can be read using phpCMS 1.2.x.

[2005-06-02] Exhibit Blind SQL Injection
Using blind SQL injection, data from Exhibit Engine’s database can be read.

[2005-05-22] Yahoo Webmail Cookie Theft
Yahoo's blacklists fail to detect script-tags in combination with special characters like NULL-bytes. This leaves Webmail users using MSIE vulnerable to typical XSS / Relogin-trojan / Phishing / Pharming attacks.

[2004-12-16] PHP Input Validation Vulnerabilities
PHP contains a vulnerability that allows an attacker to use NULL bytes to disclose local files. A second vulnerability exists that makes it possible to perform directory traversal for uploaded files.

[2004-12-13] Multiple Vulnerabilities in SugarSales
Multiple vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities are: Full Path Disclosure, Install Script, File Inclusion/Remote Command Execution, SQL Injection. Some of the vulnerabilities described in this advisory can only be exploited while logged into SugarSales, however there are also numerous flaws that can be exploited by a passer-by without the knowledge of a username or password.

[2004-11-29] Password Disclosure for SMB Shares in KDE’s Konqueror
The KDE program Konqueror allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE’s desktop, an attacker can disclose his victim’s password in plaintext.

[2004-09-23] Motorola Wireless Router WR850G Authentication Circumvention
Motorola’s Wireless Router WR850G contains a vulnerability that allows an attacker to log into the system without knowing username or password. Additionally hidden pages exist in the web interface that disclose username and password of the administrator.

[2004-06-06] PHP escapeshellarg Windows Vulnerability
Because of an input validation flaw in PHP, an attacker can execute shell commands even though the function escapeshellarg was used.

[2004-03-30] Multiple Vulnerabilities in LinBox
Multiple security flaws in LinBox allow an attacker to change system settings, read user passwords in plaintext and execute commands over SSH on the system.

[2003-09-01] Internet Transaction Server Multiple Vulnerabilities
Multiple vulnerabilities in SAP Internet Transaction Server allow an attacker to read hidden information or perform Cross Site Scripting attacks.

[2003-07-24] paFileDB 3.1 OS-Cmd execution
Two security flaws in paFileDB 3.1 allow an attacker to execute arbitrary commands on the system. Additionally an attacker can upload arbitrary files to the server.

[2003-07-14] W-Angora Multiple Vulnerabilities
W-Angora 4.1.5 features multiple security flaws that can lead to compromise of the system. The flaws include: Information/Path Disclosure, Arbitrary File Upload, OS Command Execution, Cross Site Scripting.

[2003-07-11] Invision Powerboard V.1.1.2 Multiple Vulnerabilities
Invision Powerboard is vulnerable to Cross Site Scripting and SQL Injection attacks. The attacker might be able to use the flaws to gain control over the system.

[2003-02-28] Axis Webcam DOS
The web administration interface of Axis 2400 webcams contains two security flaws that allow an attacker to perform denial of service by shutting down the camera.

 

[2003-02-28] Typo3 3.5b5 Security Check Results
During a security check of Typo3 3.5b5 multiple serious vulnerabilities have been discovered. Those are: Path Disclosure, Arbitrary File Retrieval/Command Execution and Cross Site Scripting.
