Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
834309bd7c681fce682800c2b27a31c0Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
351e7980ee3be97f07ceb95ec237ce90Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.
3d6f950a9eef0caafbc05be378131051Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
75bd302689d825abf438d908c7aeabceCore Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e711534cc773eca194793a6b82ce5f46Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.
5fddced07d5ad899ebb2d9c6bf48f392FreeBSD Security Advisory - A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.
708f3ca1de7547e635db4e1854a95614SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.
229590470a8be1c064d928eb9d902bc6The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.
60159a622a73952074ae7f293204a463Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.
498b12c9f26fa23e69a5e2b0a2958b51Intel Driver Update Utility version 2.2.0.5 suffers from a man-in-the-middle vulnerability..
806cf80769dbf0b3c70df852390390aeCore Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.
74ea83d965e529488bfa6515c1580c14Core Security Technologies Advisory - FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges.
473ad536ac1c73e9f90a7e23fabae2e6Core Security Technologies Advisory - The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera is vulnerable to an OS command injection vulnerability in the snwrite.cgi binary.
7124f8f0393514cbd2c400fe16bf5cedCore Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.
fc263c324b380d578253500cb911f7eeCore Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as user's session identifiers and/or user's email messages.
3aa3978a27fa3acaea9ec52e47ed4150Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
ffabd0e87a44868591f2822fc712f644Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.
e263ea03f930df38de1f6bc467a26735Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.
3d889804e96aef041e76e55fec51792aCore Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
364a74b173679d6c23119f93cd7f0e6eCore Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's Credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server to DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed to signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.
b2b8740843fe391023b6c152b27fe322Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
dd8c3fcef37258dd9b8bfea7c1a546f1Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class.
ff7d9bcc00d2a18a43f7fc849c98b473Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
74b9b0456e1bc2ec9edc9f1342760a4dCore Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.
235685a5967719a6453d6269c1a81c40
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed