Tagged: cert

VU#842780: Vesta Control Panel is vulnerable to cross-site request forgery

Vulnerability Note VU#842780
Original Release date: 16 Jun 2015 | Last revised: 16 Jun 2015

Overview: Vesta Control Panel is vulnerable to a cross-site request forgery (CSRF) attack.

Description:
CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2015-2861
Vesta Control Panel contains a cross-site request forgery (CSRF) vulnerability.

VU#301788: Toshiba CHEC contains a hard-coded cryptographic key

Vulnerability Note VU#301788
Original Release date: 08 Jun 2015 | Last revised: 08 Jun 2015

Overview: Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key.

Description:
CWE-321: Use of Hard-coded Cryptographic Key – CVE-2014-4875
Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the CreateBossCredentials.jar file. An attacker that can access the bossinfo.pro file may be able to use the hard-coded AES key to decrypt its contents, including the BOSS database credentials.

VU#264092: McAfee ePolicy Orchestrator fails to properly validate SSL/TLS certificates

Vulnerability Note VU#264092
Original Release date: 04 Jun 2015 | Last revised: 04 Jun 2015

Overview: McAfee ePolicy Orchestrator versions 4.6.8 and earlier and 5.1.1 and earlier fail to properly validate SSL/TLS certificates.

Description:
CWE-295: Improper Certificate Validation – CVE-2015-2859
McAfee ePolicy Orchestrator (ePO) supports integration with external registered servers for a variety of purposes, such as data collection and aggregation

VU#498348: Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

Vulnerability Note VU#498348
Original Release date: 29 May 2015 | Last revised: 29 May 2015

Overview: Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.

Description: Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.
CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2015-2852
Blue Coat SSL Visibility Appliance contains a cross-site request forgery (CSRF) vulnerability.

VU#581276: EMC AutoStart is vulnerable to remote code execution via specially crafted packets

Vulnerability Note VU#581276
Original Release date: 30 Apr 2015 | Last revised: 30 Apr 2015

Overview: EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets.

Description: EMC AutoStart is an enterprise software application developed to help networks and services maintain a high level of availability. AutoStart can manage clusters of applications or nodes as well as single instances

VU#750060: Hewlett-Packard Network Automation contains multiple vulnerabilities

Vulnerability Note VU#750060
Original Release date: 17 Apr 2015 | Last revised: 17 Apr 2015

Overview: HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface.

Description: HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cross-site request forgery (CSRF), cross-site scripting (XSS), and clickjacking issues

VU#274244: Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure

Vulnerability Note VU#274244
Original Release date: 14 Apr 2015 | Last revised: 14 Apr 2015

Overview: The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure.

Description: The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network

VU#697316: SearchBlox contains multiple vulnerabilities

Vulnerability Note VU#697316
Original Release date: 14 Apr 2015 | Last revised: 14 Apr 2015

Overview: SearchBlox versions 8.1.x and below contain multiple vulnerabilities.

Description:
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2015-0967
SearchBlox contains multiple cross-site scripting (XSS) vulnerabilities, including a reflected XSS in the default search box of http:// :8080/searchblox/plugin/index.html and a persistent XSS in the title field of the ‘Create Featured Result’ form, http:// :8080/searchblox/admin/main.jsp?menu1=res. Note that an attacker must be authenticated to leverage the persistent XSS

VU#924124: X-Cart contains multiple vulnerabilities

Vulnerability Note VU#924124
Original Release date: 02 Apr 2015 | Last revised: 02 Apr 2015

Overview: X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass.