Vendor Status
> Application: Buffalo AirStation Web Management
>
> Devices: WHR-G54S Ver.1.20, possibly other Buffalo products
> Severity: Cross site request forgery in management interface
> Risk: Moderate
> Vendor Status: No response from vendor.
> References: http://www.louhi.fi/advisory/buffalo_070907.txt
>
>
> Overview:
>
SYS.DBMS_DEFER_SYS can exploit this vulnerability. By default, users
granted DBA have the required privilege. Exploitation of this
vulnerability allows an attacker to execute SQL commands with SYS
privileges.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
Restrict access to the SYS.DBMS_DEFER_SYS package.
By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database.
Impact:
It is possible to cause a denial of service on the Oracle process by sending a specially crafted network packet.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Advisory: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
Advisory ID: SSCHADV2011-008
Author: Stefan Schurtz
Affected Software: Version 1.2.3 and probably prior versions
Vendor URL: http://www.k5n.us/webcalendar.php
Vendor Status: informed
CVE-ID: -
==========================
Vulnerability Description:
==========================
Devices: Zyxel Zywall2 (possibly all other Zyxel devices using
the same firmware)
Severity: Moderate
Impact: Persistent cross site scripting, cross site request
forgery, persistent denial of service
Vendor Status: Vendor notified
References: http://www.louhi.fi/advisory/zyxel_070810.txt
Overview:
Devices: HP LaserJet M1522n MFP,
HP Color LaserJet 2605dtn
possibly other HP products
Attack type : CSRF
Risk: Low
Vendor Status: Issue documented in a customer notice
References: http://www.louhinetworks.fi/advisory/HP_20090317.txt
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
Computer Associates released patches for these vulnerabilities. These
patches are available here:
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp.
>> ...
>>
>>
>>> Timeline:
>>> ---------
>>> Vendor Status: MSRC tracking case closed
>>> Vendor Notified: March 31st 2008
>>> Vendor Response: May 6th 2008
>>> Advisory Release: October 15th 2008
>>> Patch available: - (vulnerability not high priority)
>>>
Blink - Unified Client Security has proactively protected from these
vulnerabilities since their discovery.
Retina - Network Security Scanner has been updated to identify these
vulnerabilities.
Vendor Status:
Computer Associates released patches for these vulnerabilities. These
patches are available here:
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
Credit:
brute-force approach.
Knowing this, an attacker can log in to remote ReadyNAS devices and
access all data on the system.
Vendor Status:
After contact with the vendor, the vendor released a fix in less than a
week, together with the beta of RAIDiator 4.0, which allows a user
to enable root access with a changeable password.
The vendor also released an advisory [1].
Advisory: DAEMON Tools IOCTL local denial-of-service vulnerability
Advisory ID: JVNDB-2011-000085
Author: Satoshi TANDA
Affected Software: Successfully tested on DAEMON Tools 4.40
Vendor URL: http://www.daemon-tools.cc/eng/home
Vendor Status: fixed
CVE-ID: CVE-2011-3987
==========================
Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-030
Author: Stefan Schurtz
Affected Software: Successfully tested on Site@School 2.4.10
Vendor URL: http://sourceforge.net/projects/siteatschool/
Vendor Status: insecure and no longer maintained
CVE-ID: -
==========================
Vulnerability Description:
==========================
Released: 03-20-08
Rev: 54
Risk: Low - Moderate
High if Web Access is in active use and
access to login page is unrestricted
Vendor Status: Vendor notified, patch available.
References: http://www.louhinetworks.fi/advisory/ibm_090409.txt
Affected devices (from vendor):
IBM BladeCenter E (1881, 7967, 8677)
IBM BladeCenter H (7989, 8852)
Application: Version Number(s): 4.x, 5.x and 6.x
Severity: Ability to remotely determine version, build, service
pack, hot fix levels and times and dates each were installed
Author(s): Brook Powers, Sr. Network Engineer (bpowers@tech-serve
dot com)
Vendor Status: Vendor Notified February 1st, 2008
CVE Candidate: CVE-2008-0636
Reference: http://www.tech-serve.com/research/advisories/2008/
Overview:
Release Date: 2011-03-22
Application: Apple OS X kernel (XNU)
Versions: All versions <= xnu-1504.7.4
Severity: Medium
Author: Dan Rosenberg <drosenberg (at) vsecurity (dot) com>
Vendor Status: Patch Released [2]
CVE Candidate: CVE-2011-0180
Reference: http://www.vsecurity.com/resources/advisory/20110322-1/
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Mac OS X v10.4 through v10.4.10,
Mac OS X Server v10.4 through v10.4.10
Remotely Exploitable: No
Locally Exploitable: Yes
Vendor URL: http://www.apple.com
Vendor Status: Vendor has released an updated version
CVE-ID: CVE-2007-4686
Patch development time: 241 days
======================
Advisory: Cross-Site Scripting vulnerability in Nagios
Advisory ID: SSCHADV2011-006
Author: Stefan Schurtz
Affected Software: Successfully tested on: nagios 3.2.3
Vendor URL: http://www.nagios.org
Vendor Status: informed
CVE-ID: -
==========================
Vulnerability Description:
==========================
Release Date: 2010-08-16
Application: Coda kernel module for NetBSD and FreeBSD
Versions: All known versions
Severity: Medium
Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com >
Vendor Status: Patch Released [2][3]
CVE Candidate: CVE-2010-3014
Reference: http://www.vsecurity.com/resources/advisory/20100816-1/
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Application: MobileRediff 1.04 by http://www.rediff.com/
Vendor Contact Date: 4/24/2009 (Vendor notified by email)
Release Date: 7/15/2009
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
Severity: Medium (Information Disclosure)
Vendor Status: No Response received
Overview:
Rediffmail component of MobileRediff (Version 1.04) application allows username and password disclosure.
Details:
Author: Gursev Kalra (gursev.kalra@foundstone.com)
Vendor Contact Date: 4/21/2009 (Vendor notified by email)
Release Date: 07/21/2009
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
Severity: Low (Information Disclosure)
Vendor Status: Version 3.8 fixes this problem
Overview: mChek application stores Credit/Debit Card numbers and bank name without protection
Application: mChek 3.4 by http://www.mchek.com/
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
~ f.close
}
[Vendor Status]
- ----------------------------------------------------------------------
Vendor Notified
SYS.DBMS_CDC_UTILITY can exploit this vulnerability. By default, users
granted SELECT_CATALOG_ROLE have the required privilege. Exploitation of
this vulnerability allows an attacker to execute SQL commands with SYS
privileges.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
Restrict access to the SYS.DBMS_CDC_UTILITY package.
Affected Versions: <= 1.4.0.7
Fixed Versions: 1.4.0.8
Vulnerability Type: Memory corruption
Security Risk: medium
Vendor URL: http://www.geopp.de
Vendor Status: notified
Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2010-002
Advisory Status: published
CVE: TBA
CVE URL: TBA
Severity: Several shell locales with support for East Asian
variable width encodings allow bypassing PHP's
shell command escaping functions, safe_mode and
disable_functions
Risk: Medium/High
Vendor Status: Vendor has released PHP 5.2.6 which uses locale
aware shell command/argument escaping
Reference: http://www.sektioneins.de/advisories/SE-2008-03.txt
Overview:
Program flaws - The product scripts have flaws which allow attackers to screen the file content with potentially sensitive information.
Vendor:
Bosch IT-Consulting
Vendor Status:
The vendor has confirmed the problem and has released new version 1.47 that addresses the problem. The new version of the product was tested and we can confirm that all vulnerabilities were solved. For more information see the vendor announcement. To download the latest version go to the vendor's product download area.
Workaround:
Change files permissions or modify .htaccess file (this will work only for the apache servers).
Example:
Also available for any *.inc file
SQL injection allows malicious people to execute their own SQL scripts. This could be exploited to obtain sensitive data, modify database contents or acquire administrator's privileges.
Vendor:
Quirm
Vendor Status:
The vendor has confirmed the problem and has released new version 5.41 that addresses the problem. The new version of the product was tested and we can confirm that all vulnerabilities were solved. For more information see the vendor announcement. To download the latest version go to the vendor's product download area.
Workaround:
From netVigilance:
In the php.ini file set magic_quotes_gpc = On.
Advisory: openEngine 2.0 'key' Blind SQL Injection vulnerability
Advisory ID: SSCHADV2011-026
Author: Stefan Schurtz
Affected Software: Successfully tested on openEngine 2.0 100226
Vendor URL: http://www.openengine.de/
Vendor Status: informed
CVE-ID: -
==========================
Vulnerability Description
==========================
The 'targetType' parameter used in web page /em/console/target/svclvl/slrule and 'serviceType' parameter used in web page /em/console/target/svclvl/sldetails are vulnerable to SQL Injection attacks. These web pages are part of Oracle Enterprise Manager web application that is included with Oracle Database 11g Release 1. It may be possible for a malicious Enterprise Manager user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.
Impact:
This vulnerability allows an Oracle Enterprise Manager web user with VIEW (or more) privileges to execute a function call with the elevated privileges of the SYSMAN database user. This may also be exploited by an attacker that convinces a valid user to click or open a malicious link.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Advisory: Multiple XSS vulnerabilities in LightNEasy
Advisory ID: SSCHADV2011-013
Author: Stefan Schurtz
Affected Software: 3.2.4
Vendor URL: http://www.lightneasy.org/
Vendor Status: informed
CVE-ID: -
==========================
Vulnerability Description:
==========================