CERT Advisories

VU#350089: IBM Notes and Domino on x86 Linux specify an executable...

IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn.

VU#622950: Toshiba Global Commerce Solutions’ 4690 Point of Sale operating system...

Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)

VU#495476: Openfire contains an uncontrolled resource consumption vulnerability

Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption (CWE-400) vulnerability when using XMPP DEFLATE message compression.

VU#657622: Xangati software release contains relative path traversal and command injection...

Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities.

VU#215284: Artiva Agency Single Sign-On (SSO) feature vulnerability

Artiva Agency Single Sign-On (SSO) feature checks only the local Windows login name, which could allow an attacker to impersonate another Artiva Agency user.

VU#437385: PaperThin CommonSpot CMS contains multiple vulnerabilities

PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server.

VU#901156: PivotX 2.3.8 contains multiple vulnerabilities

PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities.

VU#251628: AMTELCO miSecureMessages Server insecurely authenticates clients

AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages (CWE-287).

VU#667340: Fortinet FortiADC D-series contains a cross-site scripting vulnerability

Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79)

VU#939260: ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable.

VU#882841: Microsoft Office file format converter memory corruption vulnerability

The Microsoft Office file format converter contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.

VU#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information

OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."