Tuesday, August 22, 2017

VU#745607: Accellion FTP server contains information exposure and cross-site scripting vulnerabilities

The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting and information exposure.

VU#867968: Microsoft Windows SMB Tree Connect Response denial of service vulnerability

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.

VU#167623: SHDesigns Resident Download Manager does not authenticate firmware downloads

SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices.

VU#909240: Cisco WebEx web browser extension allows arbitrary code execution

The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system.

VU#865216: CodeLathe FileCloud is vulnerable to cross-site request forgery

CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF).

VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack.

VU#475907: ShoreTel Mobility Client mobile application does not verify SSL certificates

ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

VU#535111: McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption...

McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability.

VU#779243: EpubCheck 4.0.1 contains a XML external entity processing vulnerability

EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks.

VU#245327: McAfee VirusScan for Linux contains multiple vulnerabilities

McAfee VirusScan for Linux contains multiple vulnerabilities.

VU#582384: Multiple Netgear routers are vulnerable to arbitrary command injection

Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.

VU#768331: ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation

On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code.