Home Tags CERT

Tag: CERT

VU#489392: Acronis True Image fails to update itself securely

Acronis True Image fails to securely check for and retrieve updates,which an allow an authenticated attacker to execute arbitrary code with administrator privileges.

VU#846320: Samsung Magician fails to update itself securely

Samsung Magician fails to securely check for and retrieve updates,which an allow an authenticated attacker to execute arbitrary code with administrator privileges.

VU#768399: HPE SiteScope contains multiple vulnerabilities

HPE's SiteScope is vulnerable to several cryptographic issues,insufficiently protected credentials,and missing authentication.

VU#251927: CalAmp LMU-3030 devices may not authenticate SMS interface

OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device,manufactured by CalAmp,has an SMS(text message)interface. We have found multiple deployments where no password was configured for this interface by the integrator/reseller.

Companies using the CalAmp hardware should be aware that they need to set a password or disable SMS.
Vendors were notified and the SMS interface was disabled or password-protected by all vendors known to be affected.

VU#350135: Various WiMAX routers contain a authentication bypass vulnerability in custom...

WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote,unauthenticated attacker to change the administrator password on the device.

VU#556600: Space Coast Credit Union SCCU Mobile for Android and iPhone...

Space Coast Credit Union SCCU Mobile for Android,version 2.1.0.1104 and earlier,and for iOS,version 2.2 and earlier,fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.

VU#276408: Think Mutual Bank Mobile Banking App for iPhone fails to...

Think Mutual Bank mobile banking app for iOS,version 3.1.5 and earlier,fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.

VU#491375: Intel Active Management Technology (AMT) does not properly enforce access...

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation,which may allow a remote,unauthenticated attacker to execute arbitrary code on the system.

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK,versions 2.30 through 2.34,default to insecure configurations which allow arbitrary code execution.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote,authenticated attacker to execute arbitrary code with the privileges of the Domino server

VU#334207: DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to...

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point,and allows full file permissions to the anonymous user.

VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.