Tagged: cert

VU#305096: Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium 0

VU#305096: Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium

Vulnerability Note VU#305096 Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium Original Release date: 04 Feb 2016 | Last revised: 04 Feb 2016 Overview Comodo Chromodo browser, version 45.8.12.392, 45.8.12.391, and possibly earlier, does not enforce same origin policy, which allows for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities. Description Comodo Chromodo is a web browser that comes packaged with Comodo Internet Security

VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities 0

VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

Vulnerability Note VU#777024 Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities Original Release date: 03 Feb 2016 | Last revised: 03 Feb 2016 Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files. Description Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface

VU#544527: OpenELEC and RasPlex have a hard-coded SSH root password 0

VU#544527: OpenELEC and RasPlex have a hard-coded SSH root password

Vulnerability Note VU#544527 OpenELEC and RasPlex have a hard-coded SSH root password Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016 Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259 : Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password once installed; furthermore, SSH access is enabled by default

VU#972224: Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries 0

VU#972224: Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

Vulnerability Note VU#972224 Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries Original Release date: 01 Feb 2016 | Last revised: 01 Feb 2016 Overview Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks. Description CWE-330 : Use of Insufficiently Random Values – CVE-2015-8265 Huawei Mobile WiFi E5151 and E5186 routers use static source ports for all DNS queries originating from the local area network (LAN).

VU#916896: Oracle Outside In 8.5.2 contains multiple stack buffer overflows 0

VU#916896: Oracle Outside In 8.5.2 contains multiple stack buffer overflows

Vulnerability Note VU#916896 Oracle Outside In 8.5.2 contains multiple stack buffer overflows Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016 Overview Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#913000: Samsung SRN-1670D camera contains multiple vulnerabilities 0

VU#913000: Samsung SRN-1670D camera contains multiple vulnerabilities

Vulnerability Note VU#913000 Samsung SRN-1670D camera contains multiple vulnerabilities Original Release date: 12 Jan 2016 | Last revised: 12 Jan 2016 Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264 : Permissions, Privileges, and Access Controls – CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200 : Information Exposure – CVE-2015-8280 The interface provides too many details in errors messages, which may allow an attacker to determine user credentials.

VU#753264: IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects 0

VU#753264: IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects

Vulnerability Note VU#753264 IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects Original Release date: 07 Jan 2016 | Last revised: 07 Jan 2016 Overview IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description CWE-502 : Deserialization of Untrusted Data – CVE-2015-8261 WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements

VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption 0

VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption

Vulnerability Note VU#418072 Comcast XFINITY Home Security fails to properly handle wireless communications disruption Original Release date: 05 Jan 2016 | Last revised: 05 Jan 2016 Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636 : Not Failing Securely (‘Failing Open’) Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band to maintain state between sensors and the base station. When component communications are disrupted, the system does not trigger any alerts and additionally may take from minutes to hours to re-establish communications, during which time no alarm escalation occurs

VU#757840: Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users 0

VU#757840: Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users

Vulnerability Note VU#757840 Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users Original Release date: 18 Dec 2015 | Last revised: 18 Dec 2015 Overview Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284 : Improper Access Control – CVE-2015-8267 Dovestones Software AD Self Password Reset contains a vulnerable method PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll that fails to validate the requesting user

VU#330000: ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery 0

VU#330000: ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery

Vulnerability Note VU#330000 ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery Original Release date: 10 Dec 2015 | Last revised: 10 Dec 2015 Overview ZyXEL NBG-418N router, firmware version 1.00(AADZ.3)C0, uses default credentials and is vulnerable to cross-site request forgery. Description CWE-255 : Credentials Management – CVE-2015-7283 The ZyXEL NBG-418N web administration interface uses non-random default credentials of admin:1234. A local area network attacker can gain privileged access to a vulnerable device’s web management interfaces or leverage default credentials in remote attacks such as cross-site request forgery