CERT – Page 38 – WindowsTechs.com

VU#905344: HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

Posted on August 15, 2016 by CERT

HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally requested domain. Continue reading VU#905344: HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected→

VU#301735: Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

Posted on August 12, 2016 by CERT

The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Continue reading VU#301735: Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials→

VU#332115: D-Link routers contain buffer overflow vulnerability

Posted on August 11, 2016 by CERT

D-Link DIR routers contain a stack-based buffer overflow vulnerability,which may allow a remote attack to execute arbitrary code. Continue reading VU#332115: D-Link routers contain buffer overflow vulnerability→

VU#735416: UltraVNC repeater does not restrict IP addresses or ports by default

Posted on August 8, 2016 by CERT

UltraVNC repeater versions prior to ultravnc_repeater_1300 do not restrict usage by IP address by default and cannot restrict by ports,which may be leveraged to induce connections to arbitrary hosts using any port. Continue reading VU#735416: UltraVNC repeater does not restrict IP addresses or ports by default→

VU#877625: Proxy auto-config (PAC) files have access to full HTTPS URLs

Posted on August 4, 2016 by CERT

Web proxy auto-config(PAC)files are passed the full HTTPS URL in GET requests which may expose sensitive data. Continue reading VU#877625: Proxy auto-config (PAC) files have access to full HTTPS URLs→

VU#856152: NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities

Posted on August 4, 2016 by CERT

NUUO NVRmini 2,NVRsolo,Crystal,and Netgear ReadyNAS Surveillance products have web management interfaces containing multiple vulnerabilities that can be leveraged to gain complete control of affected devices. Continue reading VU#856152: NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities→

VU#603047: Crestron AirMedia AM-100 contains multiple vulnerabilities

Posted on August 1, 2016 by CERT

The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Continue reading VU#603047: Crestron AirMedia AM-100 contains multiple vulnerabilities→

VU#974424: Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities

Posted on August 1, 2016 by CERT

Crestron Electronics DM-TXRX-100-STR,version 1.2866.00026 and earlier,has a web management interface which contains multiple vulnerabilities,including authentication bypass,failure to restrict access to authorized users,use of hard-coded certificate,default credentials,and cross-site request forgery(CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Continue reading VU#974424: Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities→

VU#217871: Intel CrossWalk project does not validate SSL certificates after first acceptance

Posted on July 29, 2016 by CERT

The Intel Crosswalk project is a framework for developing hybrid apps for Android and iOS. The Crosswalk project does not properly handle SSL certificate validation when a user accepts an invalid certificate,preventing the app for validating any future SSL certificates. Continue reading VU#217871: Intel CrossWalk project does not validate SSL certificates after first acceptance→

VU#682704: Misys FusionCapital Opics Plus contains multiple vulnerabilities

Posted on July 19, 2016 by CERT

Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Continue reading VU#682704: Misys FusionCapital Opics Plus contains multiple vulnerabilities→