QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.
1b6b302fa261390c5f0c6aa9787378c2eaa3685d815a17a90ab3bfb40b207096Ubuntu Security Notice 5241-1 - It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.
32d6d60a122670053f2e460a06106159ff6aabe1544ead509400874e9613b9daQNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability.
604298053dafd0abe28f387617874da35d43eb2b5d986c0ce5674a7007367477MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.
5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdbMATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.
9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7bQNAP QTS suffers from multiple command injection vulnerabilities.
343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005QNAP QTS versions prior to 4.2.4 suffer from a sensitive data exposure vulnerability that allows for privilege escalation.
3d248b7122dde92c3c6cff49c15a639517a9a2504a008042fa15212812bc6b27QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.
2338d54a3f3425f4ef6945698a4d1e0725c1aeb60607671654d4a0472c4453d7Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.
5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdecaMicrosoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).
a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
cb5c2ee3db6c55c22f86862e5b72bd113f7ae769e329bc847caa576516a573f1QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.
27689d9fdae27206f86fb67c52b512a57abc9dffe9f0f4d19e8aa363d3efdb19QNAP QTS version 4.2.1 Build 20160601 suffers from a cross site scripting vulnerability.
559a2c873cc88588570a681aea2d06fbbb6046cd8fdf54b9dbfec6256c89dda1QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
448d8a4712caf953aec99fadb1be4168c93a5e989fce7c009cd8577b1290902fQNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.
96a4d53ecd91f1a17608c43886a495fcf40a7eca582c4989e48e047118b247ceQNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.
892e6af51235735fae4ad4873dc7e3cc493bcb86a765cb905cdf1117cf7df8a9QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
e766f0f6ff858161e23849a3310ffff9e284a377d2850c7d0aacd1f4541b45deCHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and keystroke injection vulnerabilities.
8d783cf17d0aeb744bc415fcc3f5209b17a3b0f1fec084fd4a66af59968c352fCHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from insufficient protection of code (firmware) and data (cryptographic key).
f1ff00bde501a530edae9d601cb3986ee2e1274ad3e4408f7af68bf525e7d5f6pgpdump version 0.29 suffers from an endless loop parsing issue that can lead to a denial of service.
ca2cebf5bbc203a10cddb4380a1efb60238193332dfe72831f57c0aef4db21f2The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used, it is still possible to perform brute-force attacks against the password authentication process.
5a2d36d564fe004b8101678bcdc007666e0547fe8e23b7a50847efbc69680872At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.
082b8f3575ba36bdc1044ed8d817104a1afb0c9d70e9163c8f9dfb60e5762b1aThe innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.
cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931innovaphone versions IP222 and IP232 suffer from a remote denial of service vulnerability.
82d16c58171e185f50439ca2a3e3a97783090e29049d727064dcd3b319f9348eInserting an HTML 'script' tag into the URL of a web site protected by Sophos UTM 525 yields an error page which contains the 'script' tag unfiltered. Executing malicious JavaScript code in the victim's browser is therefore straightforward.
1eceff53bf6b122d6139c8726d40ddfbec1d153d9f984494053dc00259fcd5f7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed