CERT Advisories

VU#846103: Sungard eTRAKiT3 may be vulnerable to SQL injection

According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection, which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.

VU#791496: Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability

Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#633847: NTP.org ntpd contains multiple denial of service vulnerabilities

NTP.org ntpd prior to 4.2.8p9 contains multiple denial of service vulnerabilities.

VU#624539: Ragentek Android OTA update mechanism vulnerable to MITM attack

Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges.

VU#346175: Imagely NextGen Gallery plugin for WordPress contains a local file...

The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 may execute code from an uploaded malicious file.

VU#677427: D-Link routers HNAP service contains stack-based buffer overflow

D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action.

VU#402847: Zizai Tech Nut contains multiple vulnerabilities

Zizai Tech Nut contains multiple vulnerabilities. Original Release date: 25 Oct 2016 | Last revised: 25 Oct 2016. Overview: Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Descriptio...

VU#617567: TrackR Bravo contains multiple vulnerabilities

TrackR Bravo contains multiple vulnerabilities. Original Release date: 25 Oct 2016 | Last revised: 27 Oct 2016. Overview: TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description: C...

VU#974055: iTrack Easy contains multiple vulnerabilities

iTrack Easy contains multiple vulnerabilities. Original Release date: 25 Oct 2016 | Last revised: 25 Oct 2016. Overview: iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description: CWE...

VU#243144: Linux kernel memory subsystem copy on write mechanism contains a...

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability. Original Release date: 21 Oct 2016 | Last revised: 24 Oct 2016. Overview: The Linux kernel since version 2.6.22 contains a race condition in the way the copy ...

VU#404187: Synology NAS servers contain insecure default credentials

Synology NAS servers contain insecure default credentials. Original Release date: 20 Oct 2016 | Last revised: 20 Oct 2016. Overview: Synology NAS servers DS107, DS116, and DS213 use default credentials. Description: CWE-255: Credentials Management - C...

VU#970379: Green Packet DX-350 contains insecure default credentials

Green Packet DX-350 contains insecure default credentials. Original Release date: 20 Oct 2016 | Last revised: 20 Oct 2016. Overview: Green Packet DX-350 uses default credentials. Description: CWE-255: Credentials Management - CVE-2016-6552 Green Packet ...