Tagged: cert

VU#581276: EMC AutoStart is vulnerable to remote code execution via specially crafted packets

Vulnerability Note VU#581276
Original Release date: 30 Apr 2015 | Last revised: 30 Apr 2015
Overview: EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets.
Description: EMC AutoStart is an enterprise software application developed to help networks and services maintain a high level of availability. AutoStart can manage clusters of applications or nodes as well as single instances

VU#750060: Hewlett-Packard Network Automation contains multiple vulnerabilities

Vulnerability Note VU#750060
Original Release date: 17 Apr 2015 | Last revised: 17 Apr 2015
Overview: HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface.
Description: HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cross-site request forgery (CSRF), cross-site scripting (XSS), and clickjacking issues

VU#274244: Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure

Vulnerability Note VU#274244
Original Release date: 14 Apr 2015 | Last revised: 14 Apr 2015
Overview: The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure.
Description: The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network

VU#697316: SearchBlox contains multiple vulnerabilities

Vulnerability Note VU#697316
Original Release date: 14 Apr 2015 | Last revised: 14 Apr 2015
Overview: SearchBlox versions 8.1.x and below contain multiple vulnerabilities.
Description:
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2015-0967
SearchBlox contains multiple cross-site scripting (XSS) vulnerabilities, including a reflected XSS in the default search box of http:// :8080/searchblox/plugin/index.html and a persistent XSS in the title field of the ‘Create Featured Result’ form, http:// :8080/searchblox/admin/main.jsp?menu1=res. Note that an attacker must be authenticated to leverage the persistent XSS

VU#924124: X-Cart contains multiple vulnerabilities

Vulnerability Note VU#924124
Original Release date: 02 Apr 2015 | Last revised: 02 Apr 2015
Overview: X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass.

VU#930956: Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

Vulnerability Note VU#930956
Original Release date: 26 Mar 2015 | Last revised: 26 Mar 2015
Overview: ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate have been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.
Description:
CWE-276: Incorrect Default Permissions
The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication

VU#894897: NSIS Inetc plug-in fails to validate SSL certificates

Vulnerability Note VU#894897
Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015
Overview: The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing.
Description: Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet.

VU#632140: Multiple Toshiba products are vulnerable to trusted service path privilege escalation

Vulnerability Note VU#632140
Original Release date: 27 Feb 2015 | Last revised: 27 Feb 2015
Overview: Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability.
Description:
CWE-428: Unquoted Search Path or Element
Bluetooth Stack for Windows by Toshiba versions 9.10.27(T) and earlier, as well as TOSHIBA Service Station versions 2.2.13 and earlier, contain a trusted service path privilege escalation vulnerability.
Impact: A local authenticated attacker may be able to escalate privileges to SYSTEM

VU#366544: Adtrustmedia PrivDog fails to validate SSL certificates

Vulnerability Note VU#366544
Original Release date: 23 Feb 2015 | Last revised: 23 Feb 2015
Overview: Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing.
Description: Adtrustmedia PrivDog is a Windows application that advertises “… safer, faster and more private web browsing.” PrivDog installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate.