Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.
Monthly Archives: March 2017
CVE-2017-2689
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
CVE-2017-2687
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.
CVE-2017-2688
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.
CVE-2017-6864
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
CVE-2017-7297
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
kernel-4.11.0-0.rc4.git0.1.fc26
Kernel 4.11-rc4
DSA-3824 firebird2.5 – security update
George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users to execute arbitrary code on the
firebird server.
Vuln: Ruby on Rails Action Pack CVE-2016-0751 Denial of Service Vulnerability
Ruby on Rails Action Pack CVE-2016-0751 Denial of Service Vulnerability
Vuln: LibTIFF CVE-2016-9533 Heap Buffer Overflow Vulnerability
LibTIFF CVE-2016-9533 Heap Buffer Overflow Vulnerability