npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet.
Monthly Archives: February 2015
CVE-2015-0888
KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors.
CVE-2015-0889
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.
CVE-2014-9676
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free.
CVE-2014-9682
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
Loxone Smart Home CSRF / XSS / DoS / Credential Leakage
Loxone Smart Home versions prior to 6.3 suffer from cross-site request forgery, cross-site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.
HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure
HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.
Vuln: ENOVIA Unspecified Security Vulnerability
Vuln: IBM DB2 Administration Server (DAS) 'validateUser()' Stack Buffer Overflow Vulnerability
Vuln: Bitweaver 'rankings.php' Local File Include Vulnerability