An information disclosure vulnerability has been reported in F5 Big-IP TLS products. An attacker can leverage this vulnerability to disclose memory contents of a connected server.
Monthly Archives: February 2017
Beetel Connection Manager Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager. The vulnerability is due to improper parsing of parameters in the NetConfig.ini file. A remote attacker could exploit this vulnerability by enticing a user to use a crafted NetConfig.ini file.
Altap Salamander 2.5 PE Viewer Buffer Overflow (CVE-2007-3314)
A buffer overflow exists in Altap Salamander. A remote attacker could trigger this vulnerability by creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander. Successful exploitation would allows remote attackers to execute arbitrary code via the PDB file.
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow (CVE-2009-0476)
A stack-based buffer overflow exists in Audiotran 1.4.1. A remote attacker could trigger this vulnerability by enticing a victim to open a crafted file. Successful exploitation would allow remote attackers to execute arbitrary code via a long string in a playlist (.pls) file.
Total Video Player SEH Buffer Overflow
A buffer overflow vulnerability exists in Total Video Player. The vulnerability is due to improper parsing of parameters in the Settings.ini. A remote attacker could exploit this vulnerability by enticing a user to open a malformed Settings.ini file.
Microsoft Edge document.domain Same Origin Policy Bypass (MS17-001: CVE-2017-0002)
A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web-page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.
CVE-2016-9314
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.
CVE-2016-9316
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
CVE-2017-6095
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.