Author Archives: CERT

VU#754056: Fonality contains a hard-coded password and embedded SSL private key

Posted on June 1, 2016 by CERT

Fonality(previously trixbox Pro)version 12.6 and later uses a hard-coded password,and the accompanying HUDweb plugin embeds a private SSL key. Continue reading VU#754056: Fonality contains a hard-coded password and embedded SSL private key→

VU#482135: MEDHOST Perioperative Information Management System contains hard-coded database credentials

Posted on May 26, 2016 by CERT

MEDHOST Perioperative Information Management System(PIMS)versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Continue reading VU#482135: MEDHOST Perioperative Information Management System contains hard-coded database credentials→

VU#204232: Up.time agent for Linux does not authenticate a user before allowing read access to the file system

Posted on May 19, 2016 by CERT

The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system. Continue reading VU#204232: Up.time agent for Linux does not authenticate a user before allowing read access to the file system→

VU#586503: Chef Manage deserializes cookie data insecurely

Posted on May 17, 2016 by CERT

Chef Manage add-on,version 1.11.4 and earlier,deserializes cookie data insecurely,which may be leveraged to gain unauthenticated remote code execution. Continue reading VU#586503: Chef Manage deserializes cookie data insecurely→

VU#785823: Lantronix xPrintServer contains multiple vulnerabilities

Posted on May 13, 2016 by CERT

The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Continue reading VU#785823: Lantronix xPrintServer contains multiple vulnerabilities→

VU#250519: ImageMagick does not properly validate input before processing images using a delegate

Posted on May 4, 2016 by CERT

ImageMagick does not properly validate user input before processing it using a delegate,which may lead to arbitrary code execution. This issue is also known as"ImageTragick". Continue reading VU#250519: ImageMagick does not properly validate input before processing images using a delegate→

VU#369800: Little CMS 2 DefaultICCintents double-free vulnerability

Posted on May 4, 2016 by CERT

Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function,which may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system. Continue reading VU#369800: Little CMS 2 DefaultICCintents double-free vulnerability→

VU#862384: libarchive contains a heap-based buffer overflow due to improper input validation

Posted on May 2, 2016 by CERT

An attacker may be able to coerce a user into executing arbitrary code in the context of the current user by attempting to unzip a crafted zip file provided by the attacker. Continue reading VU#862384: libarchive contains a heap-based buffer overflow due to improper input validation→

VU#505560: Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Posted on April 29, 2016 by CERT

The Accellion File Transfer Appliance(FTA)contains multiple vulnerabilites that can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system. Continue reading VU#505560: Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities→

VU#718152: NTP.org ntpd contains multiple vulnerabilities

Posted on April 27, 2016 by CERT

The NTP.org reference implementation of ntpd contains multiple vulnerabilities. Continue reading VU#718152: NTP.org ntpd contains multiple vulnerabilities→