Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (defined in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.
d41fcb2fcfd845b70a122e20b1cbd17e3b183211e307eaf35331480595a9fc22
FreeBSD Security Advisory - A special combination of sysarch(2) arguments specifies a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors is provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbounded zeroing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition, it is possible for unprivileged processes to perform a local Denial of Service against the system.
1b06a4a8fb40914b387a59838b891b91a1f57185e7bb078d76328e2d133bb85d
SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.
1f6322a207069e2f5bc531348512c5fd625d13c50f19530142f4b90972ead191
The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.
18a66fe7900c1810c0fc80919872842aa7dc1c3f9621fc72457dd1327d263f61
Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.
96d4f6a74a820b941b3d27b4014182f1cacb7fd773eb0e70d29238ade9b5878d
Intel Driver Update Utility version 2.2.0.5 suffers from a man-in-the-middle vulnerability.
e47293d69eb8139c8de8025addf7e52b3998421aa909919458c18ea509ebee5d
Core Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.
9799e326c07a7ab71d9ef358d6f4d5e6a701d96b2706e59c7ebca20a69575734
Core Security Technologies Advisory - FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges.
eb3989d1b9f1a9ea82e128163f3dd7af6b06b7a269e82b874287736be1633b3f
Core Security Technologies Advisory - The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera is vulnerable to an OS command injection vulnerability in the snwrite.cgi binary.
21c2101703c779b440b5b09b966619ab442997dafefe43dda29ce74298fae4b6
Core Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.
4f5dfe0ba3159b241b97dd31fdce3b6857722610dfebf00e92c39d6677ccf2b6
Core Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as user's session identifiers and/or user's email messages.
e11474848d575d94bc3dada06c86583e82c5a7ffe114e1c931a34769da9a4783
Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
b7740dd59be457ef9148466ce77bd2cb7d93fd8bf564a611bcde64e3a811e628
Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.
43fb2590b9fc435e2c9ebe21968f5729e87d0846d203db8e44a8e274d09e864c
Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.
57fc076cced40621b525e0c4d60739b93696cbf99216bd6939f718ba48293d6d
Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bc
Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server-to-DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed for signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.
2167c7e20b2242c7ce65869777a2ee4ff54c41d53ab3d3bacd78665f8b3aa975
Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2
Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame, causing the Dalvik subsystem to reboot because of an unhandled exception in the WiFiMonitor class.
feb52e38d88fae494e9480f07d94fba29e88f585adbd14e6a5b09a5a89af5f6c
Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
3ed69590b68e44bc5711dfe4b54294c20f7bfaa50ab879dbe8a42222c370cc12
Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious HTML file with specific parameters for an ActiveX component.
f1107baceb903ca53318f0f5735854c6a5130cf3da81f5840dce6c8afe32091a
Core Security Technologies Advisory - Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non-privileged user against a vulnerable CGI file.
a64726d244d547419fa3a47c114cb81761f6e477ec05f980a3199ab9e0a55aca
Core Security Technologies Advisory - Advantech AdamView version 4.3 has two different fields vulnerable to buffer overflow attacks, which can be exploited by attackers in order to execute arbitrary code by running files with the '.gni' extension that is associated with the AdamView software.
4fe10cda753e8e158ce53fcdfbfe4c893a64dbd2105a91b331e4abac8fc4f063
Core Security Technologies Advisory - A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the "Standalone Enqueue Server" service, part of SAP Netweaver Application Server ABAP/Java. The "Standalone Enqueue Server" is a critical component of a SAP Netweaver installation in terms of availability, rendering the whole SAP system unresponsive.
2fe79852efd8b14902357955bf4b11e2258b497446f8f44384873604c64f25db
Core Security Technologies Advisory - Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed in this advisory are prone to a security vulnerability when processing malformed BMP files.
e5d3a05ca6a86350c09bc366e54473553ee4ec86cc0c637a44fb2d0aee2f16db
Core Security Technologies Advisory - Advantech WebAccess version 7.2 suffers from multiple buffer overflow vulnerabilities.
909690e95e7b916c1fbab64b4af5b09fb3ba04112c7ca47c95bbd232e68cb553