Tagged: cert

VU#930956: Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

Original Release date: 26 Mar 2015 | Last revised: 26 Mar 2015

Overview: ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate have been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.

Description: CWE-276: Incorrect Default Permissions. The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication

VU#894897: NSIS Inetc plug-in fails to validate SSL certificates

Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015

Overview: The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing.

Description: Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet.

VU#632140: Multiple Toshiba products are vulnerable to trusted service path privilege escalation

Original Release date: 27 Feb 2015 | Last revised: 27 Feb 2015

Overview: Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability.

Description: CWE-428: Unquoted Search Path or Element. Bluetooth Stack for Windows by Toshiba versions 9.10.27(T) and earlier, as well as TOSHIBA Service Station versions 2.2.13 and earlier, contain a trusted service path privilege escalation vulnerability.

Impact: A local authenticated attacker may be able to escalate privileges to SYSTEM

VU#366544: Adtrustmedia PrivDog fails to validate SSL certificates

Original Release date: 23 Feb 2015 | Last revised: 23 Feb 2015

Overview: Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing.

Description: Adtrustmedia PrivDog is a Windows application that advertises “… safer, faster and more private web browsing.” PrivDog installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate.

VU#529496: Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys

Original Release date: 19 Feb 2015 | Last revised: 19 Feb 2015

Overview: Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing.

Description: Komodia Redirector SDK is a self-described “interception engine” designed to enable developers to integrate proxy services and web traffic modification (such as ad injection) into their applications. With the SSL Digestor module, HTTPS traffic can also be manipulated.

VU#529496: Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

Original Release date: 19 Feb 2015 | Last revised: 20 Feb 2015

Overview: Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing.

Description: Komodia Redirector SDK is a self-described “interception engine” designed to enable developers to integrate proxy services and web traffic modification (such as ad injection) into their applications. With the SSL Digestor module, HTTPS traffic can also be manipulated.

VU#669156: Topline Systems Opportunity Form vulnerable to information disclosure

Original Release date: 05 Feb 2015 | Last revised: 05 Feb 2015

Overview: Topline Systems Opportunity Form contains an information disclosure vulnerability.

Description: CWE-200: Information Exposure. Topline Systems Opportunity Form is a macro-enabled Excel spreadsheet that contains connection strings to a public-facing database. By running procedures included in the spreadsheet, user names, email addresses, and passwords are exposed in plain text.

VU#522460: SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Original Release date: 02 Feb 2015 | Last revised: 02 Feb 2015

Overview: SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions.

Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel, and CWE-284: Improper Access Control – CVE-2015-0929. By visiting time.htm, a user is issued a cookie that grants administrative privileges in the SerVision HVG web interface. There are two distinct impacts of this vulnerability: An unauthenticated user is able to bypass authentication.

VU#546340: QPR Portal contains multiple vulnerabilities

Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015

Overview: QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability.

VU#117604: Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

Original Release date: 13 Jan 2015 | Last revised: 13 Jan 2015

Overview: Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data.

Description: CWE-319: Cleartext Transmission of Sensitive Information. Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server