iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.
434dce4a3760a9007c3d719b3ef5ed6a9779f57077aab4e7c303f1688be36903The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.
dd1e9c94795aba4ffecf00c4d23acf69a25e54a0a279d3b90a3b780c202eb617Comcast DOCSIS 3.0 Business Gateways suffer from static credential, multiple cross site request forgery, and weak session management vulnerabilities. Versions prior to 1.4.0.49.2 are affected.
bfdcb29692e23009cac35584f81732340459c02965c99dd869039d3e1eb6ba5eClear iSpot / Clearspot version 2.0.0.0 suffers from multiple cross site request forgery vulnerabilities.
557f592e7d9902546a91c2ef1117b4bcd128072e4039a2a740e535462ca0814dThe Camtron CMNC-200 IP Camera suffers from buffer overflow, administrative bypass, default account and directory traversal vulnerabilities.
f4179a3a7b9ccf1244b48c4730ed3dbeb4940f45a22b1e54806f6011ae691979FreePBX versions 2.8.0 and below suffer from a remote code execution vulnerability.
d839195f9db7fa9e1b80afddfe9fb68b622f5255ab3e52b81e30ba662b8c23e6The EMC Celerra Network Attached Storage (NAS) appliance allows for unauthorized access to a root NFS export.
7f8a55ea48522f9e3ff51e1ce2c01aa22c50783f5a13c5e6ad77041f33f1523fThe Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.
fd01d4172df55b8994b34803311ab871ff8630ad51141bd4511fe4f4065759a2SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
274d820d5053b91c5b4019151e6accd446cb31435dfa6ae866e1d89dceee5e44The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities.
826573c559cecc29255977b0d05ddb68c96b1d5ee4bffbb810ce7796d4a3c7b5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed