CERT – Page 43 – WindowsTechs.com

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver

Posted on February 17, 2016 by CERT

GNU glibc contains a buffer overflow vulnerability in the DNS resolver,which may allow a remote attacker to execute arbitrary code. Continue reading VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver→

Posted on February 16, 2016 by CERT

Hirschmann"Classic Platform"switches contain a password sync feature that syncs the switch administrator password with the SNMP community password,exposing the administrator password to attackers on the local network. Continue reading VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default→

Posted on February 11, 2016 by CERT

Cisco Adaptive Security Appliance(ASA)Internet Key Exchange versions 1 and 2(IKEv1 and IKEv2)contains a buffer overflow vulnerability that may be leveraged to gain remote code execution. Continue reading VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability→

Posted on February 4, 2016 by CERT

Comodo Chromodo browser,version 45.8.12.391,and possibly earlier,bundles the Ad Sanitizer extension,version 1.4.0.26,which disables the same origin policy,allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities. Continue reading VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium→

Posted on February 3, 2016 by CERT

Netgear Management System NMS300,version 1.5.0.11 and earlier,is vulnerable to arbitrary file upload,which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files. Continue reading VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities→

Posted on February 2, 2016 by CERT

OpenELEC and derivatives utilize a hard-coded default root password,and enable SSH root access by default. Continue reading VU#544527: OpenELEC and RasPlex have a hard-coded SSH root password→

Posted on February 2, 2016 by CERT

The Fisher-Price Smart Toy does not perform proper authentication of some API commands,and it may also use a vulnerable version of Android. Continue reading VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands→