Collaborate Disseminate
Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands,which may allow an attacker to execute arbitrary code. Continue reading VU#229047: Allround Automations PL/SQL Developer v11 performs updates over HTTP
The SysLINK SL-1000 M2M(Machine-to-Machine)Modular Gateway contains multiple vulnerabilities. Continue reading VU#822980: SysLINK M2M Modular Gateway contains multiple vulnerabilities
The HP Data Protector does not perform user authentication,even when Encrypted Control Communications is enabled,and contains an embedded SSL private key that is shared among all installations. Continue reading VU#267328: HP Data Protector does not perform authentication and contains an embedded SSL private key
The Security Account Manager Remote(SAMR)and Local Security Authority(Domain Policy)(LSAD)protocols do not properly establish Remote Procedure Call(RPC)channels,which may allow any attacker to impersonate an authenticated user or gain access to the SAM database,or launch denial of service attacks. This vulnerability is also known publicly as"Badlock". Continue reading VU#813296: Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")
The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle’s OBD-II port and provides information about the vehicle’s performance. The BlueDriver does not require a PIN for Bluetooth access,which allows anyone in range to send arbitrary commands to the vehicle’s CAN bus. Continue reading VU#615456: Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Continue reading VU#344432: Patterson Dental Eaglesoft uses a hard-coded database password across installations
Autodesk Backburner 2016,version 2016.0.0.2150 and earlier,fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code. Continue reading VU#732760: Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
npm allows packages to take actions that could result in a malicious npm package author to create a worm that spreads across the majority of the npm ecosystem. Continue reading VU#319816: npm fails to restrict the actions of malicious npm packages
Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity(XXE)attack that may be leveraged to expose sensitive data on the host.. Continue reading VU#279472: Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow. Continue reading VU#897144: Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow