Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
Cisco Security Advisory - Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Workarounds that mitigate this vulnerability are available.
WebTitan Appliance version 3.50.x suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in op5 Appliance, which can be exploited by malicious people to compromise a vulnerable system.
HP Security Bulletin HPSBST02722 SSRT100279 - Potential security vulnerabilities have been identified with HP StorageWorks P4000 Virtual SAN Appliance. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.
Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Dell KACE K2000 System Deployment Appliance, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
RSA has delivered an update for RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates, including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, a security vulnerability fix, hot fix roll-ups and bug fixes.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by denial of service and authentication bypass vulnerabilities.
FortiMail Messaging Security Appliance version 4.0 suffers from multiple cross site scripting vulnerabilities.
FortiAnalyzer Appliance suffers from cross site scripting vulnerabilities.
This Metasploit module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited, resulting in a small set of payload options.
Secunia Security Advisory - Two vulnerabilities have been reported in Cisco SA 500 Series Security Appliances, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct SQL injection attacks.
Cisco Security Advisory - Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
Zero Day Initiative Advisory 11-233 - This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of the Symantec Web Gateway appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the username parameter of POST requests to the forget.php script. The parameter is not sanitized and a remote attacker can abuse this to inject arbitrary SQL into the underlying database.
Trend Micro Data Loss Prevention Virtual Appliance version 5.5 suffers from a remote directory traversal vulnerability.
Secunia Security Advisory - A vulnerability has been reported in the IP POWER 9258 appliances, which can be exploited by malicious people to bypass certain security restrictions.
Trustwave WebDefend suffers from a static database password vulnerability. It was discovered in various DLLs and EXEs and affects WebDefend Enterprise Manager Appliance / Console software versions 5.0 and 4.0.
Secunia Security Advisory - Some vulnerabilities have been reported in ZyXEL ZyWALL appliances, which can be exploited by malicious users and malicious people to bypass certain security restrictions.
ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited access gets full access to the web interface.
ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.
Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM WebSphere DataPower XC10 Appliance.
Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.
Zero Day Initiative Advisory 11-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Virtual SAN appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra.exe component which listens by default on port 13838. When parsing a login request the Hydra daemon will call sscanf() using fixed-length stack buffers and no length checks. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM service.
The Cisco IPSec VPN implementation suffers from a group name enumeration vulnerability. Systems affected include the ASA 5500 Series Adaptive Security Appliances, Cisco PIX 500 Series Security Appliances, and Cisco VPN 3000 Series Concentrators.